CVE-2024-32798

2024-06-0913:15:51

CWE-862

[email protected]

web.nvd.nist.gov

authorization missing wp travel engine vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

Affected configurations

Vulners

Node

wp_travel_enginewp_travel_engineRange≤5.8.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-travel-engine",
    "product": "WP Travel Engine",
    "vendor": "WP Travel Engine",
    "versions": [
      {
        "changes": [
          {
            "at": "5.8.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.8.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]