CVE-2025-66105
Deferred Deferred - Pending Action
Missing Authorization in Bus Ticket Booking with Seat Reservation

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: Patchstack

Description
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66105
EUVD
EUVD-2025-209714
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
magepeople bus_ticket_booking_with_seat_reservation to 5.6.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability is a Missing Authorization issue in the WordPress Bus Ticket Booking with Seat Reservation Plugin versions before 5.6.8. It is a Broken Access Control vulnerability that allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization checks.

Impact Analysis

This vulnerability can allow attackers who are not logged in to perform restricted actions within the plugin, potentially leading to unauthorized modifications or misuse of the bus ticket booking system. Although the impact is considered low severity with a CVSS score of 5.3, it can still compromise the integrity of the system by bypassing access controls.

Detection Guidance

This vulnerability allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks in the Bus Ticket Booking with Seat Reservation plugin versions prior to 5.6.8.

Detection typically involves checking the plugin version installed on your WordPress site to see if it is older than 5.6.8.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability on your network or system.

A practical step is to verify the plugin version via WordPress admin dashboard or by running commands to check the plugin version, such as:

  • Using WP-CLI: wp plugin list | grep bus-ticket-booking-with-seat-reservation
  • Manually checking the plugin version in the plugin's main PHP file or readme.
Mitigation Strategies

The immediate and recommended mitigation step is to update the Bus Ticket Booking with Seat Reservation plugin to version 5.6.8 or later, where the missing authorization checks have been fixed.

If you are a Patchstack user, enabling auto-updates for vulnerable plugins can help ensure you receive patches promptly.

Until the update is applied, consider restricting access to the plugin's functionalities or endpoints that could be exploited by unauthenticated users.

Compliance Impact

The vulnerability is a Missing Authorization issue that allows unauthenticated users to perform actions requiring higher privileges due to broken access control.

Such broken access control vulnerabilities can potentially lead to unauthorized access or modification of data, which may impact compliance with standards and regulations like GDPR or HIPAA that require strict access controls to protect sensitive information.

However, the provided information does not explicitly state the direct impact of this vulnerability on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart