Medium severity5.3NVD Advisory· Published May 29, 2024· Updated Apr 15, 2026
CVE-2024-0434
CVE-2024-0434
Description
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.7.1
- Range: <=1.7.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.