CVE-2021-4389
CVE-2021-4389 affects the WP Travel WordPress plugin (versions up to and including 4.4.6). The root cause is missing or incorrect nonce validation in the save_meta_data() function, enabling Cross-Site Request Forgery (CSRF). This lets unauthenticated attackers save metadata for travel posts by tr...