2 matches found
CVE-2024-0434
CVE-2024-0434 affects the WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (versions ≤ 1.7.1). The vulnerability arises from a missing capability check in the ttbm_new_place_save function, enabling unauthenticated attackers to modify data and to publish new place posts. The iss...
WordPress WpTravelly Plugin <= 1.7.1 is vulnerable to Broken Access Control
Software WpTravelly Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0434 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6dc0f73102e1 Credits Francesco Carlucci Required privile...