CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1...

CVE-2026-25449

CVE-2026-25449 : The WordPress Traveler theme (Shinetheme Traveler) is affected prior to version 3.2.8.1 by a PHP object injection vulnerability caused by deserialization of untrusted data. The issue affects Traveler components (described as before 3.2.8.1) and is rated critical (CVSS 3.1 base sc...

CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through 3.2.8.1...

PT-2026-26058

🚨 CVE-2026-25449: WordPress Traveler theme 3.2.8... PHP object injection in WordPress Traveler theme with 9.8 CVSS and zero auth requirements - RCE goldmine for mass WordP... https://t.co/VFpIhT0XqE netsec vulnerability CVE sysadmin zeroday...

WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions 3.2.8...

CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...

CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...

CVE-2026-24367

CVE-2026-24367 (WordPress Traveler theme) is a SQL Injection vulnerability in Traveler that allows blind SQL injection. Affected software: Traveler versions before 3.2.8 (i.e.,

CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...

CVE-2025-67917

CVE-2025-67917 describes a Missing Authorization vulnerability in Travel Traveler (Travel Booking WordPress Theme), affecting Travel Traveler up to version 3.2.6. The root cause is incorrectly configured access control that could allow unauthorized access to certain resources. Wordfence documenta...

CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...

WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Traveler versions = 3.2.6...

CVE-2025-69030 WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through = 2.10.3...

CVE-2025-64373

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through 3.2.6...

CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.6...

CVE-2025-64371

The CVE-2025-64371 entry concerns the WordPress Traveler theme (Traveler) with a SQL Injection vulnerability in versions prior to 3.2.6. The root cause is improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected product/version: WordPress Traveler theme ...

CVE-2025-64372 WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.6...

CVE-2025-64372 WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.6...

CVE-2025-64372

CVE-2025-64372 affects the WordPress Traveler theme prior to version

CVE-2025-63028 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...