CVE-2026-27406 PUBLISHED

WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 19.02.2026 Published: 05.03.2026 Updated: 05.03.2026

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through <= 2.1.0.

Product Status

Vendor	Joe Dolson
Product	My Tickets
Versions	Default: unaffected affected from n/a to <= 2.1.0 (incl.)

Credits

daroo | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/my-tickets/vulnerability/wordpress-my-tickets-plugin-2-1-0-sensitive-data-exposure-vulnerability?_s_id=cve

Problem Types

Insertion of Sensitive Information Into Sent Data CWE

Impacts

Retrieve Embedded Sensitive Data