Description
WordPress Plugin Travel Management is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Travel Management version 1.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7 or latest
References
Related Vulnerabilities
WordPress Plugin Dean's FCKEditor with pwwang's code Arbitrary File Upload (1.0.0)
WordPress Plugin WP Datepicker Security Bypass (2.1.0)
OpenSSL Cryptographic Issues Vulnerability (CVE-2016-0800)
WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)
Oracle Database Server CVE-2009-3413 Vulnerability (CVE-2009-3413)