CVE-2026-32492
Received Received - Intake

Authentication Bypass in My Tickets ≀ 2.1.1 via Identity Spoofing

Vulnerability report for CVE-2026-32492, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description

Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-03-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
joe_dolson my_tickets to 2.1.1 (inc)
joe_dolson my_tickets From 2.1.0 (inc) to 2.1.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Authentication Bypass by Spoofing issue in the Joe Dolson My Tickets application. It allows an attacker to perform identity spoofing, meaning they can impersonate another user without proper authentication. The affected versions are up to and including version 2.1.1.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability in the WordPress My Tickets plugin versions up to and including 2.1.1 can be mitigated by updating the plugin to version 2.1.2 or later.

Since the vulnerability requires no privileges to exploit, prompt patching is critical to prevent unauthorized actions.

Additionally, using mitigation services such as Patchstack's auto-updates for vulnerable plugins can help maintain security.

Impact Analysis

The vulnerability can allow unauthorized users to bypass authentication controls by spoofing identities. This can lead to unauthorized access to user accounts, potentially exposing sensitive information or allowing malicious actions under another user's identity.

Detection Guidance

There is no specific detection method or commands provided in the available information for identifying this vulnerability on your network or system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart