CVE-2026-32492
Received Received - Intake
Authentication Bypass in My Tickets ≀ 2.1.1 via Identity Spoofing

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32492
EUVD
EUVD-2026-15834
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
joe_dolson my_tickets to 2.1.1 (inc)
joe_dolson my_tickets From 2.1.0 (inc) to 2.1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is an Authentication Bypass by Spoofing issue in the Joe Dolson My Tickets application. It allows an attacker to perform identity spoofing, meaning they can impersonate another user without proper authentication. The affected versions are up to and including version 2.1.1.

Impact Analysis

The vulnerability can allow unauthorized users to bypass authentication controls by spoofing identities. This can lead to unauthorized access to user accounts, potentially exposing sensitive information or allowing malicious actions under another user's identity.

Mitigation Strategies

The vulnerability in the WordPress My Tickets plugin versions up to and including 2.1.1 can be mitigated by updating the plugin to version 2.1.2 or later.

Since the vulnerability requires no privileges to exploit, prompt patching is critical to prevent unauthorized actions.

Additionally, using mitigation services such as Patchstack's auto-updates for vulnerable plugins can help maintain security.

Detection Guidance

There is no specific detection method or commands provided in the available information for identifying this vulnerability on your network or system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart