CVE-2026-57400
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57400, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wp_swings event_tickets_manager_for_woocommerce to 1.5.5 (inc)
wp_swings event_tickets_manager_for_woocommerce From 1.0.0 (inc) to 1.5.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57400 is a Broken Access Control vulnerability in the WordPress Event Tickets Manager for WooCommerce plugin, specifically versions 1.5.5 and earlier.

This vulnerability arises from missing authorization, authentication, or nonce token checks, which allows unauthenticated users to perform actions that should require higher privileges.

Essentially, attackers can exploit incorrectly configured access control security levels to carry out unauthorized actions within affected websites.

Impact Analysis

This vulnerability poses a moderate risk with a CVSS score of 6.5, allowing attackers to perform higher-privileged actions without authentication.

Exploitation could lead to unauthorized changes or actions on your website, potentially affecting the integrity and availability of your event ticket management.

Attackers could exploit this vulnerability in mass campaigns targeting thousands of websites, increasing the likelihood of widespread impact.

Users are advised to update to version 1.5.6 immediately or apply mitigation rules to block attacks until updating.

Mitigation Strategies

To mitigate the vulnerability in Event Tickets Manager for WooCommerce (versions 1.5.5 and earlier), users should immediately update the plugin to version 1.5.6 or later.

Until the update can be applied, users are advised to implement mitigation rules provided by Patchstack to block attacks exploiting this broken access control vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57400. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart