What the vulnerability does
01Description
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5.
Explanation of Vulnerability in Simple Terms
02Summary
Event Tickets Manager for WooCommerce versions 1.5.5 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify ticket data and disrupt event operations. The vulnerability requires no user interaction and can be exploited over the network. Site owners should update immediately to a version newer than 1.5.5.
What an attacker can do
03Attacker Capabilities
Modify or delete event ticket data without logging in.
Potential impact on your site
04Site Impact
Attackers can tamper with ticket inventory and event availability without credentials.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published