WP Travel WP Travel CVE-2026-24568
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.
AnalysisAI
WP Travel plugin versions 11.0.0 and earlier contain an access control bypass that allows unauthenticated remote attackers to view sensitive information due to improperly configured authorization checks. An attacker can exploit this vulnerability to access restricted data without proper credentials. A patch is not currently available for affected WordPress installations.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects WP Travel WP Travel wp-travel. Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.
Affected ProductsAI
Product: WP Travel WP Travel wp-travel.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today