Travel Management <= 1.5 - Unauthenticated Options Change



Description
Note: The issue was fixed in 1.6; however, v1.6.1 received additional sanitisation and nonce checks (unrelated to the issue), so the "fixed in" version has been set to 1.6.1.

Affects Plugin

fixed in version 1.6.1

References

URL https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-travel-management-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 1901
Verified No
WPVDB ID 9491

Timeline

Publicly Published 2019-08-03 (22 days ago)
Added 2019-08-03 (22 days ago)
Last Updated 2019-08-03 (22 days ago)
