CVE-2024-10606

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 23, 2024
CWE ID 862

Summary

CVE-2024-10606: The WP Travel Engine plugin for WordPress, specifically its Tour Operator Software component, has a vulnerability in which the wpte_onboard_save_function_callback() function lacks adequate capability checks. This allows users with contributor-level access and above to manipulate various settings without proper authorization. Such unauthorized modification could result in financial loss and unwanted page updates.
