CVE-2024-30516 HIGH

CVE-2024-30516: WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability

Vendor Saasproject
Product Booking Package
Weakness CWE-1284
Published January 5, 2026
Last update April 28, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.

Explanation of Vulnerability in Simple Terms

02Summary

Booking Package versions up to 1.6.27 contain an integrity vulnerability allowing attackers to modify data without authentication. The flaw requires only network access and no user interaction. An attacker can alter booking records or other critical information. Update to a version newer than 1.6.27 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Modify booking data and other information without logging in.

Potential impact on your site

04Site Impact

Attackers can alter bookings, customer records, or other data without credentials.

Conditions required to exploit

05Prerequisites

Network access to the application; no authentication or user interaction required.

Key dates

06Disclosure timeline

January 5, 2026 CVE published
April 28, 2026 Record updated