Bus Ticket Booking With Seat Reservation
Missing authorization controls in the Magepeople Inc. Bus Ticket Booking with Seat Reservation WordPress plugin allow unauthenticated remote attackers to modify data (such as ticket bookings or seat reservations) through incorrectly configured access control security levels. The vulnerability affects versions before 5.6.8 and has a CVSS score of 5.3 (medium severity) with a network attack vector requiring no authentication or user interaction.
Sensitive system information exposure in the magepeopleteam Bus Ticket Booking with Seat Reservation plugin (versions prior to 5.6.5) allows remote, unauthenticated attackers to retrieve embedded sensitive data over the network, though exploitation is high complexity. The vulnerability carries low real-world risk, with an EPSS score of 0.02% (5th percentile) and no confirmed active exploitation, though it may expose configuration details or internal system information to unauthorized parties.
A deserialization of untrusted data vulnerability (CWE-502) exists in the magepeopleteam Bus Ticket Booking with Seat Reservation WordPress plugin through version 5.6.0, allowing object injection attacks. An attacker can inject malicious serialized PHP objects into the application, potentially leading to remote code execution or other critical impacts depending on available gadget chains in the WordPress environment. No CVSS score or EPSS data is currently available, and KEV status is unknown, but the vulnerability affects all installations running the vulnerable plugin versions.