WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

2022-05-2600:00:00

Ngo Van Thien (Alliance project)

patchstack.com

0.001 Low

EPSS

Percentile

25.0%

JSON

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Travel Management plugin (versions <= 2.0).

Solution

Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
travel managementle2.0

CPE	Name	Operator	Version
	travel management	le	2.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27859

wordpress.org/plugins/nd-travel/

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for PATCHSTACK:15C03A9BC393E3AC817BBA3D9BE6E419