Tag: payment bypass

All the articles with the tag "payment bypass".

[CVE-2025-11517] Free Tickets for Sale – How a Logic Error Skips Payment in WordPress Event Tickets

28 Nov, 2024

A missing price check in Event Tickets up to 5.26.5 lets anyone create orders for paid tickets through the plugin’s “free commerce” REST endpoint. Site owners lose revenue and occupancy control, while attackers walk in for nothing.

[CVE-2025-11517] Free Tickets for Sale – How a Logic Error Skips Payment in WordPress Event Tickets