Missing Authorization vulnerability Affects WP Travel Engine
CVE-2024-32798

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Travel Engine
Vendor: CVE Published:; 9 June 2024

Summary

A Missing Authorization vulnerability exists in the WP Travel Engine plugin, which could allow unauthorized users to manipulate prices for travel bookings. This issue is present in all versions up to 5.8.0, potentially exposing sensitive data and leading to financial losses for users. It is crucial for organizations using this plugin to apply security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

WP Travel Engine <= 5.8.0

References

https://patchstack.com/database/vulnerability/wp-travel-e...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Ananda Dhakal (Patchstack)