WordPress WpTravelly Plugin Broken Access Control Vulnerability

Vulnerability Overview The WordPress WpTravelly plugin version <= 2.1.5 contains a Broken Access Control vulnerability. This vulnerability allows unauthorized users to perform certain high-privilege operations. Impact Scope Affected Versions: WpTravelly plugin version <= 2.1.5 CVSS Score: 6.3 (Medium Risk) Risk Description: This type of vulnerability is often used in large-scale attack campaigns. Attackers can exploit this vulnerability to target thousands of websites, regardless of their traffic volume or popularity. Remediation Immediate Action: Update the WpTravelly plugin to version 2.1.6 or higher. Automatic Updates: Patchstack users can enable automatic updates to update only the affected plugin. Details Software Name: WpTravelly Type: WordPress Plugin Vulnerability Type: Broken Access Control Vulnerability Description: Broken Access Control refers to the lack of authorization, authentication, or nonce token checks, which may allow unauthorized users to perform high-privilege operations. Timeline Report Date: December 4, 2025, reported by johska Early Warning: May 26, 2026, early warning sent to Patchstack customers Release Date: May 26, 2026, released by Patchstack Additional Information Risk Level: Low priority, no significant impact Solution: The severity of this security issue is low and unlikely to be exploited. Contact Information For additional information or questions, contact Patchstack through the links provided on the page. Subscription Subscribe to weekly WordPress security intelligence to receive the latest security information via email. Footer Information Includes relevant links and resources from Patchstack, such as pricing, case studies, login, etc. The above is a summary of the key vulnerability information from the webpage screenshot.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress WpTravelly Plugin Broken Access Control Vulnerability