CVE-2025-47519
Description
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events easy-paypal-events-tickets allows Cross Site Request Forgery. This issue affects Easy PayPal Events: from n/a through <= 1.2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF in Easy PayPal Events plugin (<=1.2.2) lets attackers force privileged users to execute unwanted actions.
Root Cause
The Easy PayPal Events plugin for WordPress versions 1.2.2 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability. The lack of CSRF protection means that authenticated requests (such as changing plugin settings or creating events) can be forged without the user's consent [1].
Exploitation
An attacker can exploit this by tricking a logged-in administrator or other privileged user into clicking a malicious link, visiting a crafted page, or submitting a form. No special privileges are required for the attacker beyond the ability to lure a victim [1].
Impact
Successful exploitation allows the attacker to perform unwanted actions under the victim's current authentication, such as modifying event configurations or creating unauthorized PayPal transactions. The vulnerability is rated medium severity (CVSS 4.3) and is noted as being used in mass-exploit campaigns [1].
Mitigation
The vendor has released version 1.3 which remediates the flaw. Users are strongly advised to update immediately. If updating is not possible, consulting a hosting provider or developer is recommended. Patchstack users can enable auto-updates for this plugin [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=1.2.2
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.