Travel Management <= 1.5 - Unauthenticated Options Change
| Description | Note: Issue has been fixed in 1.6, however v1.6.1 received additional sanitisation and nonces checks (unrelated to the issue), so the fixed in has been set to 1.6.1 |
Affects Plugin
|
fixed in version 1.6.1
|
References
| URL | https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-travel-management-plugin/ |
Classification
| Type | PRIVESC |
| OWASP Top 10 | A2: Broken Authentication and Session Management |
| CWE | CWE-269 |
Miscellaneous
| Original Researcher | Jerome Bruandet (nintechnet.com) |
| Views | 1901 |
| Verified | No |
| WPVDB ID | 9491 |
Timeline
| Publicly Published | 2019-08-03 (22 days ago) |
| Added | 2019-08-03 (22 days ago) |
| Last Updated | 2019-08-03 (22 days ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
