CVE-2025-22737

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 15, 2025
CWE ID 862

Summary

CVE-2025-22737 is a vulnerability affecting the MagePeople Team WpTravelly plugin, where Access Control Lists (ACLs) are not properly enforced. This missing authorization issue enables unauthorized access to functionality within the plugin, putting versions from n/a through 1.8.5 at risk. Attackers can potentially exploit this vulnerability to gain unwarranted privileges and manipulate settings, leading to potential security threats and unintended modifications. To mitigate this risk, users are advised to update the plugin to the latest version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share