Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/06/26 2:52 p.m.31 views

CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56059

The CVE-2026-56059 entry concerns the WordPress Travel Booking theme version up to 2.2.5, which is affected by an arbitrary file upload vulnerability in Subscriber context. The linked sources (NVD/CVE records) confirm the affected product and version range and classify the severity as critical wi...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.9 views

CVE-2026-32486

CVE-2026-32486 affects the WordPress Travel Booking theme (Travel Booking, plugin-like component) with versions up to and including 1.3.9. The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels in the...

5.3CVSS5.8AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.30 views

CVE-2026-32486 WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through = 1.3.9...

5.3CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-34358

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.6 views

PT-2024-17349 · WordPress · The Travel Booking Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Travel Booking WordPress Theme versions up to, and including, 3.1.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without permission due to a missing capability check on several...

6.5CVSS9.4AI score0.00296EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.4 views

PT-2024-17343 · WordPress · The Travel Booking Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The Travel Booking WordPress Theme versions up to, and including, 3.1.6 Description: The issue is a blind time-based SQL Injection vulnerability. It affects the order id parameter due to insufficient escaping on the user-supplied parameter an...

7.5CVSS9.8AI score0.00453EPSS
Exploits0References7
Patchstack
Patchstack
added 2019/06/11 12:0 a.m.15 views

WordPress Travel Booking Theme <= 2.7 - Reflected & Stored Cross-Site Scripting XSS vulnerability

Reflected & Stored Cross-Site Scripting XSS vulnerability found by QUIXSS in WordPress Traveler - Travel Booking Theme versions = 2.7.1. Solution 11 June 2019 - we were unable to find a fixed version...

2.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder