cleantalk
Vulnerabilities and Security Researches

WP Travel Engine – Best Travel Booking WordPress Plugin, CVE-2024-10606

CVE, Research URL

CVE-2024-10606

Home page URL

Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin

Application

WP Travel Engine – Best Travel Booking WordPress Plugin

Published on
Nov 23, 2024
Research Description
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates.
Affected versions
Min -, max 6.2.2.
Status
vulnerable
Previous vulnerability researches
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-30870) , May 06, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-37944) , Jul 14, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-10606) , Nov 24, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2022-4974) , Nov 15, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-30871) , Apr 02, 2025
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
Category Widget (CVE-2025-46515) , May 07, 2025
Search Exclude (CVE-2025-2821) , May 07, 2025
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025