CVE-2025-66105
Missing Authorization in Bus Ticket Booking with Seat Reservation
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| magepeople | bus_ticket_booking_with_seat_reservation | to 5.6.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is a Missing Authorization issue in the WordPress Bus Ticket Booking with Seat Reservation Plugin versions before 5.6.8. It is a Broken Access Control vulnerability that allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization checks.
How can this vulnerability impact me? :
This vulnerability can allow attackers who are not logged in to perform restricted actions within the plugin, potentially leading to unauthorized modifications or misuse of the bus ticket booking system. Although the impact is considered low severity with a CVSS score of 5.3, it can still compromise the integrity of the system by bypassing access controls.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks in the Bus Ticket Booking with Seat Reservation plugin versions prior to 5.6.8.
Detection typically involves checking the plugin version installed on your WordPress site to see if it is older than 5.6.8.
There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability on your network or system.
A practical step is to verify the plugin version via WordPress admin dashboard or by running commands to check the plugin version, such as:
- Using WP-CLI: wp plugin list | grep bus-ticket-booking-with-seat-reservation
- Manually checking the plugin version in the plugin's main PHP file or readme.
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to update the Bus Ticket Booking with Seat Reservation plugin to version 5.6.8 or later, where the missing authorization checks have been fixed.
If you are a Patchstack user, enabling auto-updates for vulnerable plugins can help ensure you receive patches promptly.
Until the update is applied, consider restricting access to the plugin's functionalities or endpoints that could be exploited by unauthenticated users.