Travel Management < 1.7 – Unauthenticated Options Change | CVE 2019-15773

Affects Plugins

nd-travel

Fixed in 1.7

References

CVE

CVE-2019-15773

URL

https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-travel-management-plugin/

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Verified

No

WPVDB ID

d2481a95-402e-45a4-8462-f2b49ef942b3

Timeline

Publicly Published

2019-08-03 (about 6 years ago)

Added

2019-08-03 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-02-17

Title

Gtbabel < 6.6.9 - Unauthenticated Admin Account Takeover

Published

2019-09-07

Title

Search Exclude < 1.2.4 - Arbitrary Settings Change

Published

2023-02-27

Title

Houzez < 2.7.2 - Unauthenticated Privilege Escalation

Published

2016-07-08

Title

Profile Builder < 2.4.1 - Privilege Escalation

Published

2026-01-22

Title

Prime Listing Manager <= 1.1 - Unauthenticated Privilege Escalation