PT-2024-15558 · WordPress · Wptravelly

Francesco Carlucci · Published 2024-05-29 · Updated 2024-05-29 · CVE-2024-0434

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WpTravelly plugin for WordPress versions prior to 1.7.2

Description

The issue allows unauthorized modification of data due to a missing capability check on the ttbm new place save function. This enables unauthenticated attackers to create and publish new place posts. The function is also vulnerable to CSRF, allowing attackers to perform actions without the user's knowledge.

Recommendations

For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider disabling the ttbm new place save function until a patch is available. Restrict access to the affected function to minimize the risk of exploitation.
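
The two checks the description names as missing (a capability check and CSRF protection), shown in a WordPress AJAX handler. This is an added example, not the plugin's code: it assumes the save function is registered as an AJAX action, and the hook name `example_new_place_save`, nonce action `example_new_place_nonce`, post type `example_place`, field `place_name` and the `publish_posts` capability are hypothetical choices.

```php
<?php
// Added example, not WpTravelly source. Hook, nonce, post type and field
// names are hypothetical placeholders.

// Register only the authenticated hook. Also registering
// wp_ajax_nopriv_<action> would expose the handler to logged-out visitors.
add_action( 'wp_ajax_example_new_place_save', 'example_new_place_save' );

function example_new_place_save() {
    // CSRF: reject requests that lack a nonce minted for this action.
    // With $stop = false the call returns false instead of dying.
    if ( ! check_ajax_referer( 'example_new_place_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorization: a nonce proves intent, not privilege.
    // The capability is an assumption; use the one matching the post type.
    if ( ! current_user_can( 'publish_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Validate and sanitize input before it reaches the database.
    $name = isset( $_POST['place_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['place_name'] ) )
        : '';
    if ( '' === $name ) {
        wp_send_json_error( array( 'message' => 'Missing place name' ), 400 );
    }

    $post_id = wp_insert_post(
        array(
            'post_title'  => $name,
            'post_type'   => 'example_place',
            'post_status' => 'publish',
        ),
        true // Return WP_Error on failure instead of 0.
    );
    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( array( 'message' => $post_id->get_error_message() ), 500 );
    }

    wp_send_json_success( array( 'post_id' => $post_id ) );
}
```

`wp_send_json_error()` ends the request, so each failed check stops execution before `wp_insert_post()` is reached.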

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-0434

Affected Products

Wptravelly