CVE-2024-30516
Published: 05 January 2026
Summary
CVE-2024-30516 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 40.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
NVD Description
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.
Deeper analysisAI
CVE-2024-30516 is an Improper Validation of Specified Quantity in Input vulnerability in the SaasProject Booking Package WordPress plugin. This flaw allows accessing functionality not properly constrained by ACLs and affects all versions from n/a through 1.6.27. The vulnerability is associated with CWE-1284 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high severity due to its network accessibility and integrity impact.
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact integrity violations, such as manipulating prices in the booking system, without affecting confidentiality or availability.
The Patchstack advisory documents this as a price manipulation vulnerability in WordPress Booking Package plugin version 1.6.27 and provides details on the issue.
Details
- CWE(s)