HIGH
Scott Paterson
CVE published 2026-05-04
CVE-2026-41471
CVE-2026-41471 is a HIGH severity (CVSS 8.2) information disclosure vulnerability in the Easy PayPal Events & Tickets WordPress plugin, affecting versions prior to 1.4. The vulnerability resides in the `scan_qr.php` endpoint, which fails to implement authentication or authorization checks when processing QR code scan requests. Unauthenticated attackers can exploit sequential WordPress post ID enumeration [truncated]