CVE-2024-10606
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 23, 2024
CWE ID 862
Summary
CVE-2024-10606: The WP Travel Engine plugin for WordPress, specifically its Tour Operator Software component, has a vulnerability where the wpte_onboard_save_function_callback() function lacks adequate capability checks. This issue exposes contributor-level users and above to manipulate various settings without proper authorization. The implications of such unauthorized modification could result in financial loss and unwanted page updates.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share