Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.
Published: 2026-04-08
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the Bus Ticket Booking with Seat Reservation WordPress plugin that allows an attacker to retrieve sensitive embedded data. The flaw enables unauthorized access to confidential information, compromising confidentiality. The weakness is categorized under CWE-497, indicating that sensitive data is exposed through improper handling.

Affected Systems

The affected product is the WordPress plugin Bus Ticket Booking with Seat Reservation, developed by magepeopleteam. Versions older than 5.6.5 are impacted, while 5.6.5 and later versions are not affected.

Risk and Exploitability

The CVSS base score for this issue is 4.3, suggesting a moderate severity. EPSS indicates that the probability of exploitation is low, with less than 1% chance of being attacked. This vulnerability is not listed in the CISA KEV catalog, implying that there are no known large‑scale incidents. The likely attack vector is through the WordPress web interface, where an unauthorized user could exploit the plugin's handling of sensitive data to gain disclosure.

Generated by OpenCVE AI on April 29, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Bus Ticket Booking with Seat Reservation plugin to version 5.6.5 or newer.
  • If an immediate update is not feasible, disable or remove any configuration options within the plugin that expose sensitive data.
  • Restrict access to any data endpoints provided by the plugin by implementing role‑based access controls or blocking them via server configuration rules.

Generated by OpenCVE AI on April 29, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Tue, 14 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Mage-people
Mage-people bus Ticket Booking With Seat Reservation
Wordpress
Wordpress wordpress
Vendors & Products Mage-people
Mage-people bus Ticket Booking With Seat Reservation
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.
Title WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References

Subscriptions

Mage-people Bus Ticket Booking With Seat Reservation
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:02.255Z

Reserved: 2026-04-07T10:48:32.434Z

Link: CVE-2026-39572

cve-icon Vulnrichment

Updated: 2026-04-14T17:58:18.735Z

cve-icon NVD

Status : Deferred

Published: 2026-04-08T09:16:28.497

Modified: 2026-04-29T10:17:29.297

Link: CVE-2026-39572

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T13:00:06Z

Weaknesses