Description
WordPress Plugin Travel Management is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Travel Management version 1.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7 or latest
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0165)
Oracle Database Server CVE-2014-6452 Vulnerability (CVE-2014-6452)
WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)
WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.22)
WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)