CVE-2025-11517 | theeventscalendar Event Tickets and Registration Plugin up to 5.26.5 on WordPress order authorization

A vulnerability was found in theeventscalendar Event Tickets and Registration Plugin up to 5.26.5 on WordPress. It has been rated as problematic. The impacted element is an unknown function of the file /wp-json/tribe/tickets/v1/commerce/free/order. This manipulation causes authorization bypass.

This vulnerability is handled as CVE-2025-11517. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More