What the vulnerability does
01Description
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
Explanation of Vulnerability in Simple Terms
Event Tickets Manager for WooCommerce versions up to 1.5.3 lack proper authorization checks, allowing unauthenticated attackers to modify ticket data over the network. The vulnerability does not expose sensitive information or disrupt service availability, but permits unauthorized changes to event ticket records. Site administrators should update to a version newer than 1.5.3 as soon as available.
What an attacker can do
Modify event ticket data without authentication or user interaction.
Potential impact on your site
Attackers can alter ticket records, prices, or availability without logging in.
Conditions required to exploit
Network access only; no authentication or user action required.
Key dates
External resources
Related vulnerabilities