PatchSiren cyber security CVE debrief

CVE-2026-42662 Liquid Web / StellarWP CVE debrief

CVE-2026-42662 is a MEDIUM severity vulnerability (CVSS Score: 6.5) in the Event Tickets plugin versions <= 5.27.5. The vulnerability is described as an unauthenticated bypass vulnerability. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42662) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-42662). The vulnerability's details are sourced from [Patchstack](https://patchstack.com/database/wordpress/plugin/event-tickets/vulnerability/wordpress-event-tickets-plugin-5-27-5-bypass-vulnerability-vulnerability?_s_id=cve).

Vendor: Liquid Web / StellarWP
Product: Event Tickets
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of Event Tickets plugin versions <= 5.27.5 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability is categorized under CWE-290. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.

Defensive priority

MEDIUM

Recommended defensive actions

Update Event Tickets plugin to a version greater than 5.27.5.
Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/event-tickets/vulnerability/wordpress-event-tickets-plugin-5-27-5-bypass-vulnerability-vulnerability?_s_id=cve) for mitigation or vendor reference.

Evidence notes

Vendor and product information is not fully confirmed. The canonical source is listed as 'reference_domain_weak' with low confidence.

Official resources

CVE-2026-42662 CVE record
CVE.org
CVE-2026-42662 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected]

CVE-2026-42662 was published on 2026-06-15T21:16:55.933Z and last modified on 2026-06-15T21:24:32.790Z.