Missing Authorization Vulnerability in Bus Ticket Booking by Magepeople Inc.
CVE-2025-66105

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Bus Ticket Booking With Seat Reservation
Vendor: CVE Published:; 7 May 2026

What is CVE-2025-66105?

A Missing Authorization vulnerability in the Bus Ticket Booking with Seat Reservation solution from Magepeople Inc. permits unauthorized access, stemming from incorrectly configured access control security levels. This issue primarily affects versions prior to 5.6.8, compromising sensitive user information and system integrity. Users are advised to update their installations to the latest version to mitigate potential risks.

Affected Version(s)

Bus Ticket Booking with Seat Reservation < 5.6.8

References

https://patchstack.com/database/wordpress/plugin/bus-tick...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Nov 21, 2025

Credit

Legion Hunter | Patchstack Bug Bounty program

CVE-2025-66105 Data

JSON

WordPress

What is CVE-2025-66105?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit