PT-2026-36874 · WordPress · Easy Paypal Events & Tickets
4Lec4St · Published 2026-05-04 · Updated 2026-05-04 · CVE-2026-32834
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier
Description
A hardcoded authentication bypass exists in the QR code scanning functionality. Unauthenticated remote attackers can bypass hash verification by providing 'test' as the value for the hash parameter. By accessing the 'add wpeevent button qr' endpoint, attackers can retrieve sensitive order details, including PayPal transaction IDs, customer email addresses, purchase amounts, and ticket information, provided they have a known or guessed post ID.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
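With no fixed version known, site operators can look for use of the bypass in web server access logs. The following is an added example, not code from the plugin or from this advisory: it flags requests that combine the endpoint name with hash=test and groups them by client address. The common/combined log format, the URL shape of the constructed sample lines and the parameter names `endpoint` and `post` are assumptions; only `hash`, `test` and the endpoint name come from the description above.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoint name exactly as the advisory prints it. Separators are normalized
# below because a real request may use "_", "-", "+" or "%20" (assumption).
ENDPOINT_WORDS = "add wpeevent button qr"
BYPASS_VALUE = "test"  # hardcoded value named in the advisory

# Common/combined log prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges). "endpoint" and "post"
# are placeholder parameter names, and the underscore form is an assumption.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2026:10:00:01 +0000] "GET /?endpoint=add_wpeevent_button_qr&hash=test&post=101 HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/May/2026:10:00:02 +0000] "GET /?endpoint=add_wpeevent_button_qr&hash=test&post=102 HTTP/1.1" 200 498',
    '198.51.100.4 - - [04/May/2026:10:01:00 +0000] "GET /?endpoint=add_wpeevent_button_qr&hash=9f2c1ab4&post=101 HTTP/1.1" 200 512',
    '198.51.100.9 - - [04/May/2026:10:02:00 +0000] "GET /?s=test&hash=test HTTP/1.1" 200 1200',
]

def _norm(text):
    """URL-decode, lowercase, and collapse non-alphanumeric runs to one space."""
    return re.sub(r"[^a-z0-9]+", " ", unquote_plus(text).lower()).strip()

def is_bypass_request(target):
    """True if the request target names the QR endpoint and carries hash=test."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    has_hash = any(k.lower() == "hash" and v == BYPASS_VALUE for k, v in params)
    return has_hash and ENDPOINT_WORDS in _norm(target)

def scan(lines):
    """Return {client_ip: [(status, target), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_bypass_request(m.group(3)):
            hits[m.group(1)].append((int(m.group(4)), m.group(3)))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in scan(SAMPLE_LOG).items():
        print(ip, len(reqs), "matching request(s)", [t for _, t in reqs])
```

Access logs normally record only the query string, so a request that carries these parameters in a POST body would need WAF or application-level logging to be seen.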
Exploit
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Easy Paypal Events & Tickets