CVE-2024-12032

🗓️ 25 Dec 2024 03:21:31Reported by WordfenceType

Authenticated SQL Injection vulnerability in Tourfic WordPress Plugin allows data extraction.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-12032	25 Dec 202403:24	–	circl
CNNVD	WordPress plugin Tourfic SQL注入漏洞	25 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-12032 Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection	25 Dec 202403:21	–	cvelist
EUVD	EUVD-2024-50547	3 Oct 202520:07	–	euvd
NVD	CVE-2024-12032	25 Dec 202404:15	–	nvd
OSV	CVE-2024-12032	25 Dec 202404:15	–	osv
Patchstack	WordPress Tourfic plugin <= 2.15.3 - Authenticated (Subscriber+) SQL Injection vulnerability	24 Dec 202415:54	–	patchstack
Positive Technologies	PT-2024-17412 · WordPress · Tourfic – Ultimate Hotel Booking	25 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-12032	23 May 202509:26	–	redhatcve
Vulnrichment	CVE-2024-12032 Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection	25 Dec 202403:21	–	vulnrichment

NVD

Vulners

Node

themefic tourficRange<2.15.4wordpress

[
  {
    "vendor": "themefic",
    "product": "Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.15.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3207686/tourfic/trunk/inc/Core/Enquiry.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b
plugins	www.plugins.trac.wordpress.org/browser/tourfic/tags/2.14.1/inc/Core/Enquiry.php

08 Apr 2026 16:46Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.00204

SSVC

CWE-89