CVE-2025-11517

Overview

The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment. Thi...

Critical

Low

Medium

No items found.

Package:

Impact:

Fix:

Year:

CVSS:

Severity:

CVE-2025-11517

Overview

Affected Components

Location

Stop the waste.
Protect your environment with Kodem.

CVE-2025-11517

Overview

Affected Components

Location

Stop the waste.Protect your environment with Kodem.

Stop the waste.
Protect your environment with Kodem.