Description
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Published: 2025-04-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Administrator
Action: Immediate Update
AI Analysis

Impact

The My Tickets – Accessible Event Ticketing WordPress plugin's mt_save_profile() function does not check whether the requesting user is authorized to change roles before it writes the role value submitted with a profile update. Any authenticated user with Subscriber-level access or higher can therefore set that field to administrator and gain full control of the site. The weakness is classified as CWE-269 (Improper Privilege Management): a privilege-changing operation reachable without an authorization check that matches the privilege being granted.
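To make the weakness class concrete, here is a constructed PHP illustration of a profile-save handler with the same flaw beside a hardened version. This is added example code, not the My Tickets plugin's actual mt_save_profile() implementation, which the advisory does not reproduce; the function names, the form field names (`role`, `example_profile_nonce`) and the nonce action are assumptions. The WordPress API calls (`current_user_can()`, `wp_verify_nonce()`, `get_editable_roles()`, `WP_User::set_role()`) are real core functions.

```php
<?php
/**
 * Constructed illustration of the weakness class (not the plugin's code):
 * a profile-save handler that applies a caller-supplied role value.
 */

// --- VULNERABLE PATTERN (hypothetical) -----------------------------------
// The only gate is "someone is logged in". A Subscriber who submits
// role=administrator with an otherwise ordinary profile update becomes an
// administrator, because nothing checks whether the caller may assign roles.
function example_save_profile_vulnerable() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $user_id = get_current_user_id();
    if ( isset( $_POST['role'] ) ) {
        $user = new WP_User( $user_id );
        $user->set_role( sanitize_key( wp_unslash( $_POST['role'] ) ) ); // no capability check
    }
    // ... remaining profile fields are saved here ...
}

// --- HARDENED PATTERN (hypothetical) -------------------------------------
// Three independent checks: the request is genuine (nonce), the acting user
// may change roles at all (capability), and the requested role is one this
// user is permitted to hand out (allow-list from get_editable_roles()).
function example_save_profile_hardened() {
    if ( ! is_user_logged_in() ) {
        return;
    }

    // 1. CSRF: the form must carry a nonce bound to this action.
    $nonce = isset( $_POST['example_profile_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_profile_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_profile' ) ) {
        wp_die( esc_html__( 'Invalid request.' ), 403 );
    }

    $user_id = get_current_user_id();

    if ( isset( $_POST['role'] ) ) {
        $requested = sanitize_key( wp_unslash( $_POST['role'] ) );

        // 2. Authorization: only users holding promote_users may touch roles.
        //    Subscriber, Contributor, Author and Editor all lack it.
        if ( ! current_user_can( 'promote_users' ) ) {
            wp_die( esc_html__( 'You are not allowed to change roles.' ), 403 );
        }

        // 3. Allow-list: the role must be one this user may assign. get_editable_roles()
        //    applies the editable_roles filter (e.g. multisite strips administrator
        //    for non-super-admins) and lives in an admin include, so load it if needed.
        if ( ! function_exists( 'get_editable_roles' ) ) {
            require_once ABSPATH . 'wp-admin/includes/user.php';
        }
        if ( ! array_key_exists( $requested, get_editable_roles() ) ) {
            wp_die( esc_html__( 'Invalid role.' ), 400 );
        }

        $user = new WP_User( $user_id );
        $user->set_role( $requested );
    }
    // ... remaining profile fields are saved here ...
}
```

The cleanest fix for a self-service profile form is stricter still: do not read a role from the request at all, since a user editing their own profile never has a legitimate reason to change it. The hardened handler above shows the checks that any code path writing a role needs when role changes are a supported feature.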

Affected Systems

WordPress sites running the My Tickets – Accessible Event Ticketing plugin (vendor: joedolson) in any version up to and including 2.0.16. The plugin is used to sell and manage event tickets; any site with one of these versions installed and active is affected.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a network-reachable flaw that needs only low privileges, no user interaction and no special conditions, and yields full loss of confidentiality, integrity and availability. The EPSS score below 1% indicates that exploitation is currently assessed as unlikely in the wild, the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment recorded in the history below shows Exploitation: none, Automatable: no, Technical Impact: total. The only prerequisite is an account with Subscriber-level permissions or higher; the attack is an ordinary profile update request in which the role field is set to administrator. On sites that allow open registration (the "Anyone can register" setting, which hands new accounts the Subscriber role by default), that prerequisite is trivially satisfied, so such sites should treat the issue as effectively unauthenticated.

Generated by OpenCVE AI on April 22, 2026 at 07:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the My Tickets – Accessible Event Ticketing plugin to the first release after 2.0.16 that addresses the role update flaw; this page records no fixed version, so confirm it in the vendor's changelog before relying on the update.
  • Review the administrator list against the set of accounts that should hold that role, revoke any Administrator privileges granted through the vulnerability, and reset the affected accounts to their original roles. Treat a confirmed escalation as a full site compromise: an administrator can install plugins, edit theme files and run arbitrary PHP, so also audit for added users, plugins, scheduled tasks and modified files, and rotate credentials.
  • Until the update is in place, reduce exposure to the code path handled by mt_save_profile(): deactivate the plugin if its profile form is not needed, and otherwise enforce a capability check (promote_users) plus an allow-list of assignable roles in front of any code that writes a role. Closing open user registration removes the attacker's cheapest way to obtain the Subscriber-level account the attack requires.
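The following constructed must-use plugin is added here to illustrate the last two recommended actions (custom role-change validation, and finding accounts that were promoted). It is not code from the My Tickets plugin or its vendor. The `set_user_role` action and the other WordPress functions it calls are real core APIs; every `example_` name and the option key are assumptions. It journals each role change with the acting user and request URI, undoes a promotion to administrator performed by an actor who did not hold `promote_users` before the change, and lists administrator accounts for triage.

```php
<?php
/**
 * Plugin Name: Example role-change guard
 *
 * Constructed mu-plugin (illustration only, not vendor code). Place it in
 * wp-content/mu-plugins/ as a stop-gap until a fixed release is installed.
 */

const EXAMPLE_ROLE_LOG_OPTION = 'example_role_change_log'; // hypothetical option key

/**
 * Could the actor assign roles *before* this change was applied?
 * On a self-promotion the actor's live capabilities already reflect the new
 * role, so user_can() would wrongly approve it; judge by the roles held before.
 */
function example_actor_may_promote( $actor_id, $user_id, $old_roles ) {
    if ( $actor_id === (int) $user_id ) {
        foreach ( (array) $old_roles as $name ) {
            $role = get_role( $name );
            if ( $role && $role->has_cap( 'promote_users' ) ) {
                return true;
            }
        }
        return false;
    }
    return user_can( $actor_id, 'promote_users' );
}

/**
 * Runs on the core set_user_role action, i.e. after WP_User::set_role() has
 * already written the new role: the action cannot veto, it can only undo.
 */
function example_guard_role_change( $user_id, $new_role, $old_roles ) {
    static $reverting = false;
    if ( $reverting ) {
        return; // the revert below re-fires this action; do not loop
    }

    $actor_id = get_current_user_id(); // 0 for cron, WP-CLI and self-registration
    $old_role = $old_roles ? (string) reset( $old_roles ) : '';
    $entry    = array(
        'time'    => gmdate( 'c' ),
        'user_id' => (int) $user_id,
        'from'    => $old_role,
        'to'      => (string) $new_role,
        'actor'   => $actor_id,
        'uri'     => isset( $_SERVER['REQUEST_URI'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '',
    );

    // Only web requests by a real user that end in administrator are candidates;
    // an empty previous role (brand-new account) leaves nothing to revert to.
    if ( 'administrator' === $new_role && 0 !== $actor_id && '' !== $old_role
        && ! example_actor_may_promote( $actor_id, $user_id, $old_roles ) ) {
        $entry['reverted_to'] = $old_role;
        $reverting = true;
        ( new WP_User( (int) $user_id ) )->set_role( $old_role );
        $reverting = false;
        error_log( sprintf( 'role guard: reverted user %d to %s (actor %d, %s)',
            $user_id, $old_role, $actor_id, $entry['uri'] ) );
    }

    $log   = get_option( EXAMPLE_ROLE_LOG_OPTION, array() );
    $log[] = $entry;
    update_option( EXAMPLE_ROLE_LOG_OPTION, array_slice( $log, -500 ), false );
}
add_action( 'set_user_role', 'example_guard_role_change', 10, 3 );

/** Journal entries that were reverted: the accounts and requests to examine first. */
function example_reverted_promotions() {
    return array_values( array_filter(
        (array) get_option( EXAMPLE_ROLE_LOG_OPTION, array() ),
        function ( $e ) { return isset( $e['reverted_to'] ); }
    ) );
}

/** Every current administrator with registration date, for comparison against the known list. */
function example_list_admins() {
    $rows = array();
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $u ) {
        $rows[] = array( 'ID' => $u->ID, 'login' => $u->user_login, 'registered' => $u->user_registered );
    }
    return $rows;
}
```

Two caveats apply. The guard only sees role changes that go through WP_User::set_role(); if the vulnerable code wrote the wp_capabilities user meta directly, set_user_role would not fire, and the advisory does not say which mechanism the plugin uses. And because the action runs after the write, there is a brief window in which the promoted account exists; the guard is a compensating control for triage, not a substitute for the update.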

Advisories

Source: EUVD
ID: EUVD-2025-12137
Title: (identical to the Description above)
History

Thu, 24 Apr 2025 13:15:00 +0000 (values added)
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 07:15:00 +0000 (values added)
  Description: (identical to the Description above)
  Title: My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation
  Weaknesses: CWE-269
  References: (none recorded)
  Metrics: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T16:59:28.189Z
Reserved: 2025-04-17T12:33:35.406Z
Link: CVE-2025-3761

Vulnrichment
Updated: 2025-04-24T13:03:59.696Z

NVD
Status: Deferred
Published: 2025-04-24T07:15:31.437
Modified: 2026-04-15T00:35:42.020
Link: CVE-2025-3761

Redhat
No data.

OpenCVE Enrichment
Updated: 2026-04-22T07:45:11Z

Weaknesses