My Tickets – Accessible Event Ticketing Security & Risk Analysis

wordpress.org/plugins/my-tickets

My Tickets is a simple, flexible platform for selling event tickets with WordPress.

700 active installs · v2.1.2 · PHP 7.4+ · WP 6.4+ · Updated Feb 24, 2026
Tags: accessibility, event-tickets, registration, reservations, ticket-sales
Score: 92 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Feb 23, 2026
Safety Verdict

Is My Tickets – Accessible Event Ticketing Safe to Use in 2026?

Generally Safe

Score 92/100

My Tickets – Accessible Event Ticketing has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Feb 23, 2026 · Updated 1mo ago
Risk Assessment

This plugin, "my-tickets" v2.1.2, exhibits a mixed security posture. While it demonstrates good practices in areas like using prepared statements for SQL queries and proper output escaping, several concerns warrant attention. The presence of two AJAX handlers without authentication checks presents a direct attack vector. The taint analysis reveals six high-severity flows with unsanitized paths, indicating potential vulnerabilities in how user-supplied data is processed. Furthermore, the plugin's history of eight CVEs, including a high-severity one for improper authorization and medium-severity ones covering cross-site scripting and information exposure, suggests a recurring pattern of security weaknesses that attackers could exploit. While the absence of unpatched CVEs and critical taint flows is positive, the combination of unprotected entry points, high-severity taint flows, and past vulnerability trends indicates a moderate to high risk.

Key Concerns

  • Two AJAX handlers without auth checks
  • Six high severity taint flows
  • History of 8 CVEs including 1 high severity
  • 12 flows with unsanitized paths
Vulnerabilities: 8

My Tickets – Accessible Event Ticketing Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 2 CVEs
  • 2025: 4 CVEs
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 7

8 total CVEs

CVE-2026-27406 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

My Tickets – Accessible Event Ticketing <= 2.1.0 - Unauthenticated Information Exposure

Feb 23, 2026 Patched in 2.1.1 (11d)
CVE-2025-64257 · medium · 4.3 · Missing Authorization

My Tickets <= 2.1.0 - Missing Authorization

Dec 6, 2025 Patched in 2.1.1 (6d)
CVE-2025-58988 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Tickets <= 2.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 9, 2025 Patched in 2.0.23 (7d)
CVE-2025-3761 · high · 8.8 · Improper Privilege Management

My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation

Apr 23, 2025 Patched in 2.0.17 (1d)
CVE-2025-22717 · medium · 5.3 · Missing Authorization

My Tickets <= 2.0.9 - Missing Authorization

Jan 15, 2025 Patched in 2.0.10 (7d)
CVE-2023-23988 · medium · 5.3 · Improper Authorization

My Tickets <= 1.9.11 - Authorization Bypass

Jan 20, 2023 Patched in 1.9.12 (368d)
CVE-2022-47440 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

My Tickets <= 1.9.10 - Cross-Site Request Forgery

Jan 4, 2023 Patched in 1.9.11 (384d)
CVE-2021-24796 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting

Oct 18, 2021 Patched in 1.8.31 (827d)
Code Analysis
Analyzed Mar 16, 2026

My Tickets – Accessible Event Ticketing Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (10 prepared)
  • Unescaped Output: 76 (551 escaped)
  • Nonce Checks: 20
  • Capability Checks: 43
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

SQL Query Safety

83% prepared · 12 total queries

Output Escaping

88% escaped · 627 total outputs
Data Flows: 12 unsanitized

Data Flow Analysis

25 flows · 12 with unsanitized paths
mt_post_lookup (mt-settings.php:886)
[Data flow diagram; legend: source (user input), sink (dangerous op), sanitizer, transform, unsanitized, sanitized]
Attack Surface: 2 unprotected

My Tickets – Accessible Event Ticketing Attack Surface

Entry Points: 16
Unprotected: 2

AJAX Handlers 10

auth    wp_ajax_mt_ajax_cart        mt-ajax.php:55
nopriv  wp_ajax_mt_ajax_cart        mt-ajax.php:56
auth    wp_ajax_mt_ajax_handler     mt-ajax.php:203
nopriv  wp_ajax_mt_ajax_handler     mt-ajax.php:204
auth    wp_ajax_mt_ajax_load_model  mt-ajax.php:229
nopriv  wp_ajax_mt_ajax_load_model  mt-ajax.php:230
auth    wp_ajax_delete_ticket       mt-settings.php:722
auth    wp_ajax_move_ticket         mt-settings.php:777
auth    wp_ajax_mt_post_lookup      mt-settings.php:882
auth    wp_ajax_mt_event_lookup     mt-settings.php:910

Shortcodes 6

[quick-cart] mt-shortcodes.php:16
[ticket] mt-shortcodes.php:93
[ticket_venue] mt-shortcodes.php:122
[tickets] mt-shortcodes.php:205
[remaining] mt-shortcodes.php:248
[my-payments] mt-shortcodes.php:293
WordPress Hooks 121
action  widgets_init  class-mt-short-cart-widget.php:22
filter  mt_shipping_fields  gateways\offline.php:12
filter  mt_format_transaction  gateways\offline.php:38
filter  mt_setup_gateways  gateways\offline.php:55
filter  mt_gateway  gateways\offline.php:78
action  wp_loaded  gateways\offline.php:115
action  mt_receive_ipn  gateways\paypal.php:16
action  http_api_curl  gateways\paypal.php:160
filter  mt_shipping_fields  gateways\paypal.php:170
filter  mt_format_transaction  gateways\paypal.php:197
filter  mt_setup_gateways  gateways\paypal.php:214
filter  mt_gateway  gateways\paypal.php:238
filter  mt_currencies  gateways\paypal.php:303
action  init  includes\data-utilities.php:340
action  init  includes\data-utilities.php:508
filter  the_content  mt-add-to-cart.php:43
filter  mc_after_event  mt-add-to-cart.php:401
filter  mt_tickets_close_value  mt-add-to-cart.php:1017
action  init  mt-add-to-cart.php:1212
filter  the_content  mt-add-to-cart.php:1352
action  init  mt-cart-handler.php:12
filter  the_content  mt-cart.php:12
action  init  mt-cart.php:34
filter  mt_content_before_cart  mt-cart.php:48
filter  mt_response_messages  mt-cart.php:102
filter  mt_link_title  mt-cart.php:909
filter  mt_form_wrapper  mt-cart.php:1216
action  add_meta_boxes  mt-cpt.php:12
action  save_post  mt-cpt.php:87
action  save_post  mt-cpt.php:99
filter  wp_mail_content_type  mt-cpt.php:128
filter  mt_format_transaction  mt-cpt.php:517
filter  default_title  mt-cpt.php:579
action  save_post  mt-cpt.php:694
action  init  mt-cpt.php:753
filter  post_updated_messages  mt-cpt.php:787
action  admin_init  mt-cpt.php:869
action  admin_head  mt-cpt.php:875
filter  manage_mt-payments_posts_columns  mt-cpt.php:876
action  manage_mt-payments_posts_custom_column  mt-cpt.php:877
action  wp_loaded  mt-cpt.php:917
filter  post_date_column_status  mt-cpt.php:969
filter  mc_event_classes  mt-cpt.php:1002
filter  pre_get_posts  mt-cpt.php:1116
action  restrict_manage_posts  mt-cpt.php:1149
filter  bulk_actions-edit-mt-payments  mt-cpt.php:1170
filter  handle_bulk_actions-edit-mt-payments  mt-cpt.php:1182
action  admin_notices  mt-cpt.php:1221
filter  wp_list_pages_excludes  mt-cpt.php:1234
filter  display_post_states  mt-cpt.php:1256
action  admin_menu  mt-debug.php:12
action  init  mt-fields-api.php:16
filter  mt_add_to_cart_fields  mt-fields-api.php:22
action  mt_add_to_cart_ajax_field_handler  mt-fields-api.php:24
filter  mt_show_in_cart_fields  mt-fields-api.php:26
action  mt_save_payment_fields  mt-fields-api.php:28
filter  mt_custom_tickets_fields  mt-fields-api.php:30
action  wp_trash_post  mt-notifications.php:14
action  save_post  mt-notifications.php:28
filter  mt_format_array  mt-notifications.php:65
filter  mt_format_receipt  mt-notifications.php:380
filter  wp_mail_content_type  mt-notifications.php:579
filter  mt_format_notes  mt-notifications.php:732
action  mt_ticket_type_close_sales  mt-notifications.php:871
action  mt_ticket_sales_closed  mt-notifications.php:872
action  mt_event_sold_out  mt-notifications.php:873
filter  wp_mail_content_type  mt-notifications.php:1005
action  admin_enqueue_scripts  mt-notifications.php:1020
action  admin_menu  mt-processing.php:17
action  save_post  mt-processing.php:146
filter  template_redirect  mt-receipt.php:12
action  admin_init  mt-reports.php:947
action  admin_init  mt-reports.php:990
action  admin_init  mt-reports.php:1023
filter  wp_mail_content_type  mt-reports.php:1354
filter  wp_mail_content_type  mt-reports.php:1395
action  init  mt-reports.php:1411
action  template_include  mt-reports.php:1436
action  admin_init  mt-settings.php:146
action  admin_enqueue_scripts  mt-settings.php:524
action  admin_enqueue_scripts  mt-settings.php:863
filter  universal_top_of_header  mt-shortcodes.php:17
filter  milky_way_top_of_header  mt-shortcodes.php:18
filter  mc_filter_shortcodes  mt-shortcodes.php:270
filter  mt_create_location_object  mt-templating.php:926
filter  template_redirect  mt-tickets.php:12
filter  mt_default_ticketed_events  mt-tickets.php:110
filter  after_setup_theme  mt-tickets.php:163
action  admin_notices  my-tickets.php:52
action  init  my-tickets.php:151
action  plugins_loaded  my-tickets.php:238
action  my_tickets_hourly_cron  my-tickets.php:273
filter  display_post_states  my-tickets.php:314
filter  post_class  my-tickets.php:339
action  enqueue_block_editor_assets  my-tickets.php:357
action  admin_menu  my-tickets.php:359
action  admin_head  my-tickets.php:378
action  admin_init  my-tickets.php:389
action  admin_enqueue_scripts  my-tickets.php:446
action  wp_enqueue_scripts  my-tickets.php:458
filter  template_include  my-tickets.php:786
filter  template_include  my-tickets.php:807
action  init  my-tickets.php:828
action  admin_bar_menu  my-tickets.php:842
action  init  my-tickets.php:902
action  mc_update_event_post  my-tickets.php:914
filter  mc_event_registration  my-tickets.php:918
filter  template_include  my-tickets.php:920
filter  wp_headers  my-tickets.php:940
action  wp_footer  my-tickets.php:953
filter  mt_money_format  my-tickets.php:1078
action  show_user_profile  my-tickets.php:1132
action  edit_user_profile  my-tickets.php:1133
action  profile_update  my-tickets.php:1173
action  admin_init  my-tickets.php:1204
filter  duplicate_post_excludelist_filter  my-tickets.php:1485
action  duplicate_post_post_copy  my-tickets.php:1519
filter  pre_set_site_transient_update_plugins  updates\EDD_SL_Plugin_Updater.php:73
filter  plugins_api  updates\EDD_SL_Plugin_Updater.php:74
action  admin_init  updates\EDD_SL_Plugin_Updater.php:77
filter  pre_set_site_transient_update_plugins  updates\EDD_SL_Plugin_Updater.php:198

Scheduled Events 1

my_tickets_hourly_cron
Maintenance & Trust

My Tickets – Accessible Event Ticketing Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 24, 2026
  • PHP min version: 7.4
  • Downloads: 145K

Community Trust

  • Rating: 98/100
  • Number of ratings: 27
  • Active installs: 700
Developer Profile

My Tickets – Accessible Event Ticketing Developer Profile

Joe Dolson

6 plugins · 96K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 884 days
Detection Fingerprints

How We Detect My Tickets – Accessible Event Ticketing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/my-tickets/css/style.css
  • /wp-content/plugins/my-tickets/css/jquery.timepicker.css
  • /wp-content/plugins/my-tickets/js/my-tickets.js
  • /wp-content/plugins/my-tickets/js/jquery.timepicker.min.js
  • /wp-content/plugins/my-tickets/js/datetime.js
  • /wp-content/plugins/my-tickets/js/admin.js
Script Paths
  • /wp-content/plugins/my-tickets/js/my-tickets.js
  • /wp-content/plugins/my-tickets/js/jquery.timepicker.min.js
  • /wp-content/plugins/my-tickets/js/datetime.js
  • /wp-content/plugins/my-tickets/js/admin.js
Version Parameters
  • my-tickets/style.css?ver=
  • my-tickets/css/style.css?ver=
  • my-tickets/css/jquery.timepicker.css?ver=
  • my-tickets/js/my-tickets.js?ver=
  • my-tickets/js/jquery.timepicker.min.js?ver=
  • my-tickets/js/datetime.js?ver=
  • my-tickets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mt-admin-notice
  • mt-playground-notice
JS Globals
my_tickets_settings