CVE-2024-30516
Published: 05 January 2026
Summary
CVE-2024-30516 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 37.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-30516 is an Improper Validation of Specified Quantity in Input vulnerability in the SaasProject Booking Package WordPress plugin. This flaw allows accessing functionality not properly constrained by ACLs and affects all versions from n/a through 1.6.27. The vulnerability is associated with CWE-1284 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high severity due to its network accessibility and integrity impact.
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact integrity violations, such as manipulating prices in the booking system, without affecting confidentiality or availability.
The Patchstack advisory documents this as a price manipulation vulnerability in WordPress Booking Package plugin version 1.6.27 and provides details on the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-28436
Vulnerability details
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking Package: from n/a through 1.6.27.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated exploitation of public-facing WordPress plugin via improper input validation for price manipulation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): Directly addresses the improper validation of specified quantity in input by requiring validation of external inputs before processing in the booking plugin.
AC-3 (Access Enforcement): Enforces access control policies to constrain functionality by ACLs, preventing unauthorized access and manipulation such as price changes.
Requires timely identification, reporting, and correction of flaws like this input validation vulnerability in the WordPress plugin.