-MASSIVE SECURITY HOLE- A deleted AND refunded ticket can STILL be checked in!

Home Forums Ticket Products Event Tickets Plus -MASSIVE SECURITY HOLE- A deleted AND refunded ticket can STILL be checked in!

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #1332448

    I’m attempting to continue a closed thread about being able to still check in a ticket after it has been deleted.

    We’re dealing with the same issue and are alarmed to see that since it was raised several months ago it hasn’t been fixed.

    The situation we have is that a single order of a WooCommerce product containing multiple tickets for different events had to be refunded. On the WooCommerce side that was done the usual way. However, on the Event Tickets Plus side, even though the Attendee report for the ticket says “Refunded”, and there is no Check In button to click (only a View Order button, as one would expect), when I use a QR code reader to attempt a check in, it does allow check in for the refunded ticket, as if no refund had occurred. This is bad.

    Furthermore, when I undo that check in and then delete the ticket, and then use the QR code again, it allows the check in as if the ticket hadn’t been deleted! This is also bad.

    There needs to be a stronger linkage between what happens in WooCommerce to an order with multiple ticketed events purchased and what happens to a ticket attached to that order. If an order is refunded, canceled, or otherwise not valid, the associated event ticket for the attendee should also be turned completely off and invalidated, as far as checking in is concerned, with the message at check in being “The ticket with ID XXXX was voided due to being refunded (or canceled or deleted or whatever) and is no longer valid.”

    We would request a speedy resolution to this issue as our event is happening on August 21st, 2017 and we’d like the peace of mind of knowing that our QR code check in process is airtight. While we don’t expect fraud with this particular crowd, we also don’t want any unpleasant surprises in case someone does try to get away with something. I’m sure your other customers would appreciate a fix as well.


    Hi Rob,

    We do currently have an internal ticket open to address this issue. I just checked on the status, and it is currently pending development, which means that it needs to be coded and tested before being added to a release. I linked this thread to the ticket, so as soon as this has been released, you will be updated here.

    We will do our best to get it released as soon as possible, but unfortunately I cannot guarantee a release date at the moment. I do apologize about the delay in getting this resolved – I know you are hoping for a quick fix! I did raise the priority on the ticket to hopefully speed up the process.

    Thanks for your patience as we work on getting this resolved! We’ll let you know as soon as we have an update.



    A new maintenance release has been recently shipped addressing this issue 🙂

    More information in the release notes and hotfix notes.

    Please update the plugins and let us know if the fix works for you,

    Support Droid

    Hey there! This thread has been pretty quiet for the last three weeks, so we’re going to go ahead and close it to avoid confusion with other topics. If you’re still looking for help with this, please do open a new thread, reference this one and we’d be more than happy to continue the conversation over there.

    Thanks so much!
    The Events Calendar Support Team

Viewing 4 posts - 1 through 4 (of 4 total)
  • The topic ‘-MASSIVE SECURITY HOLE- A deleted AND refunded ticket can STILL be checked in!’ is closed to new replies.