CVE-2026-41471

Name of the Vulnerable Software and Affected Versions Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier

Description An information disclosure issue exists in the QR code scanning endpoint. Unauthenticated attackers can enumerate and retrieve all customer order records by iterating over sequential WordPress post IDs through the 'scan qr.php' endpoint, allowing them to harvest the complete set of orders stored in the database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.