WordPress Plugin Vulnerabilities

WP Travel Engine < 5.8.1 - Unauthenticated Price Manipulation

Description

The WP Travel Engine – Best Travel Booking WordPress Plugin plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 5.8.0. This is due to the plugin not properly validating a price. This makes it possible for unauthenticated attackers to manipulate the price of bookings.

Affects Plugins

Plugin icon
wp-travel-engine
Fixed in 5.8.1

References

CVE
CVE-2024-32798
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a19bd0c-87b3-421b-a7af-c473ac084813

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ananda Dhakal
Verified
No
WPVDB ID
3c339de9-bbe1-46b5-938b-7c4a7033f905

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-05-03 (about 2 years ago)
Last Updated
2024-05-03 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
Payrexx Payment Gateway for WooCommerce < 3.1.6 - Missing Authorization
Published
2025-08-25
Title
Page Manager for Elementor <= 2.0.5 - Missing Authorization
Published
2026-01-08
Title
Japanized for WooCommerce < 2.8.0 - Missing Authorization to Unauthenticated Order Status Modification
Published
2024-12-18
Title
File Manager Pro – Filester < 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
Published
2025-05-07
Title
Graphina < 3.0.5 - Missing Authorization