CVE-2025-3761

Published Apr 24, 2025

Last updated 2 months ago

Overview

Description
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@wordfence.com
CWE-269

Social media

Hype score: Not currently trending
  1. CVE-2025-3761 HIGH (8.8) joedolson - My Tickets – Accessible Event Ticketing * https://t.co/iWN99TygGd https://t.co/QWcMR7c9Wv #CyberCron #VulnAlert #InfoSec https://t.co/o28Zuysq3n

    @cybercronai

    24 Apr 2025

  2. New post from https://t.co/uXvPWJy6tj (CVE-2025-3761 | My Tickets Plugin up to 2.0.16 on WordPress mt_save_profile privileges management) has been published on https://t.co/O6P1xdM1p3

    @WolfgangSesin

    24 Apr 2025

  3. CVE-2025-3761 - WordPress - HIGH. Date published 2025-04-24 07:15:31 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/dpEXqfQsB4

    @vulns_space

    24 Apr 2025

  4. [CVE-2025-3761: HIGH] WordPress plugin My Tickets – Accessible Event Ticketing up to version 2.0.16 is susceptible to Privilege Escalation. The mt_save_profile() function could allow unauthorized users to esca...#cve,CVE-2025-3761,#cybersecurity https://t.co/DcMP36SG5q https://t.

    @CveFindCom

    24 Apr 2025

  5. CVE-2025-3761 The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the … https://t.co/I8Zi0tBgFo

    @CVEnew

    24 Apr 2025
