CVE-2025-3761 – My Tickets – WordPress Privilege Escalation Vulnerability

April 24, 2025

CVE ID : CVE-2025-3761

Published : April 24, 2025, 7:15 a.m. | 25 minutes ago

Description : The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCodeSOD: Tangled Up in Foo

Next Article CVE-2025-41423 – Mattermost Playbooks API Permission Validation Bypass

Highlights

CVE-2011-10007 – Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

June 5, 2025

CVE ID : CVE-2011-10007

Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago

Description : File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.

A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.

Example:

$ mkdir /tmp/poc; echo > “/tmp/poc/|id”
$ perl -MFile::Find::Rule
-E ‘File::Find::Rule->grep(“foo”)->in(“/tmp/poc”)’
uid=1000(user) gid=1000(user) groups=1000(user),100(users)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-3761 – My Tickets – WordPress Privilege Escalation Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

Android Development Codelab: Mastering Advanced Concepts

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

CVE-2025-29763 – Apache HTTP Server Cross-Site Request Forgery

NVIDIA’s latest driver fixes some big issues with DOOM: The Dark Ages

CVE-2011-10007 – Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

ncgopher is a gopher, gemini and finger client

CVE-2024-13930 – ASPECT DoS Denial of Service

CVE-2025-4315 – CubeWP WordPress Privilege Escalation Vulnerability

CVE-2025-3761 – My Tickets – WordPress Privilege Escalation Vulnerability

Related Posts