What is CVE-2026-41471?

CVE-2026-41471 is a high-severity vulnerability in Scott Paterson Easy-paypal-events-tickets, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 7.5/10. Published 2026-05-04.

How severe is CVE-2026-41471?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Scott Paterson Easy-paypal-events-tickets

CVE-2026-41471

The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order r…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.002 (40.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Scott Paterson Easy-paypal-events-tickets — versions 0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

disclosure@vulncheck.com (technical-description, exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)
disclosure@vulncheck.com (product, patch)

Frequently asked questions

What is CVE-2026-41471?: CVE-2026-41471 is a high-severity vulnerability in Scott Paterson Easy-paypal-events-tickets, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 7.5/10. Published 2026-05-04.
How severe is CVE-2026-41471?: High severity. CVSS v3 base score is 7.5 out of 10.