The WP Travel Engine is a popular plugin for WordPress that allows users to book travel plans. However, it has a security vulnerability that allows people to change the price of bookings. This can be done by anyone, even if they are not logged in to the website.