My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated Privilege Escalation (Subscriber+)
Platform
wordpress
Component
my-tickets
Fixed in
2.0.17
CVE-2025-3761 describes a Privilege Escalation vulnerability affecting the My Tickets – Accessible Event Ticketing plugin for WordPress. An authenticated attacker with Subscriber-level access or higher can exploit this flaw to elevate their role to administrator, gaining complete control over the WordPress site. This vulnerability impacts versions 0 through 2.0.16, and a patch is available in version 2.0.17.
Impact and Attack Scenarios
Successful exploitation of CVE-2025-3761 allows an attacker to bypass standard WordPress access controls. By escalating their role to administrator, the attacker can perform any action on the site, including installing malicious plugins, modifying content, deleting data, and potentially gaining access to sensitive information stored within the WordPress database. This could lead to complete compromise of the website and its associated data. The impact is particularly severe for sites handling sensitive user data or financial transactions, as an attacker could leverage administrator privileges to steal or manipulate this information.
Exploitation Context
CVE-2025-3761 was publicly disclosed on April 24, 2025. There is currently no indication of active exploitation in the wild, but the ease of exploitation and the plugin's popularity suggest it could become a target. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Public proof-of-concept code is likely to emerge, increasing the risk of exploitation.
Who Is at Risk
Websites utilizing the My Tickets – Accessible Event Ticketing plugin, particularly those running versions 0 through 2.0.16, are at risk. Shared hosting environments where multiple WordPress sites share the same server are also at increased risk, as a compromise of one site could potentially lead to lateral movement and exploitation of other sites using the vulnerable plugin.
Detection Steps
• wordpress / composer / npm:
  grep -r 'mt_save_profile' /var/www/html/wp-content/plugins/my-tickets/
  wp plugin list --status=inactive | grep 'my-tickets'
  wp plugin update --all
  wp plugin status my-tickets
  wp plugin version my-tickets
Attack Timeline
- Disclosure
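The detection commands above only tell you whether the plugin is present; the decision that matters is whether its version is below 2.0.17. The following POSIX shell script is an added example, not part of this advisory or of the plugin: it classifies a version string against the fixed release and scans the CSV shape produced by `wp plugin list --format=csv` (columns name,status,update,version) for a my-tickets entry. The sample CSV is constructed here for illustration, and the script assumes a `sort -V` implementation (GNU coreutils or busybox) is available.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# my-tickets version falls in the affected range (below 2.0.17) and scan
# constructed `wp plugin list --format=csv` output for it.
# Assumes `sort -V` (GNU coreutils or busybox) is available.

FIXED_VERSION="2.0.17"

# Returns 0 (true) when $1 is strictly lower than the fixed version.
# Version ordering is delegated to `sort -V`, so "2.0.9" < "2.0.16" and
# "2.0.17.1" > "2.0.17" are handled correctly.
is_vulnerable_version() {
    v="$1"
    [ -n "$v" ] || return 1
    [ "$v" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Reads CSV lines (name,status,update,version) on stdin, prints a verdict
# and returns 0 only when my-tickets is installed at an affected version.
# The plugin is reported regardless of active/inactive status: an inactive
# copy is still code on disk that can be re-enabled.
check_plugin_list() {
    ver=$(awk -F',' '$1 == "my-tickets" { print $4; exit }')
    if [ -z "$ver" ]; then
        echo "my-tickets: not installed"
        return 1
    fi
    if is_vulnerable_version "$ver"; then
        echo "my-tickets $ver: AFFECTED (update to $FIXED_VERSION or later)"
        return 0
    fi
    echo "my-tickets $ver: not affected"
    return 1
}

# Constructed sample in the shape of `wp plugin list --format=csv` output.
SAMPLE_LIST='name,status,update,version
akismet,active,none,5.3
my-tickets,inactive,available,2.0.16
hello,inactive,none,1.7.2'

# Stand-alone run against the constructed sample; on a real host replace the
# printf with: wp plugin list --format=csv | check_plugin_list
printf '%s\n' "$SAMPLE_LIST" | check_plugin_list
```

On a live site, feed the real `wp plugin list --format=csv` output into `check_plugin_list` from a scheduled job and alert on a zero exit status; the string comparison is deliberately strict so that a future point release such as 2.0.17.1 is not misclassified as affected.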
Threat Intelligence
Exploit Status
EPSS
0.26% (49th percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- None: the attack is automatic and silent. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: total loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify or delete all data.
- Availability
- High: complete outage or resource exhaustion. Total denial of service.
Affected Software
Package information
- Active installations
- 700 (niche)
- Plugin rating
- 4.9
- Requires WordPress
- 6.4+
- Compatible up to
- 7.0
- Requires PHP
- 7.4+
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-3761 is to immediately update the My Tickets – Accessible Event Ticketing plugin to version 2.0.17 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider restricting access to the mtsaveprofile() function within the plugin. While not a complete fix, this can limit the attacker's ability to modify roles. Review WordPress user roles and permissions to ensure that no unauthorized users have elevated privileges. After upgrading, verify the fix by logging in as a subscriber and attempting to change that account's role to administrator; the action should be denied.
How to Fix
Update the My Tickets – Accessible Event Ticketing plugin to version 2.0.17 or later to mitigate the privilege escalation vulnerability. This update corrects how user roles are handled, preventing low-privileged users from upgrading their own role to administrator.
Frequently Asked Questions
What is CVE-2025-3761 — Privilege Escalation in My Tickets WordPress Plugin?
CVE-2025-3761 is a vulnerability in the My Tickets plugin for WordPress allowing authenticated subscribers to escalate to administrator roles, gaining full control of the site.
Am I affected by CVE-2025-3761 in My Tickets WordPress Plugin?
You are affected if you are using My Tickets plugin versions 0 through 2.0.16. Upgrade immediately to mitigate the risk.
How do I fix CVE-2025-3761 in My Tickets WordPress Plugin?
Upgrade the My Tickets plugin to version 2.0.17 or later. If immediate upgrade is not possible, restrict access to the mtsaveprofile() function.
Is CVE-2025-3761 being actively exploited?
There is currently no confirmed active exploitation, but the ease of exploitation makes it a potential target.
Where can I find the official My Tickets advisory for CVE-2025-3761?
Refer to the official My Tickets plugin website or WordPress plugin repository for the latest advisory and update information.