WordPress WP Travel Pro plugin <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability discovered by Ren Voza in WordPress Plugin WP Travel Pro versions = 10.6.0...

PT-2026-7806

Name of the Vulnerable Software and Affected Versions AdForest versions up to and including 6.0.12 Description The AdForest theme for WordPress is susceptible to authentication bypass. The issue stems from insufficient user identity verification before authentication via the sb login user with ot...