43 matches found
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...
CVE-2025-68042
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.2...
CVE-2025-68042
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.2...
CVE-2025-68042 WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.1...
CVE-2025-68042
CVE-2025-68042 is a Missing Authorization vulnerability in the WordPress Travelpayouts plugin, affecting versions up to and including 1.2.2 (per NVD/Red Hat/CVE lists). The issue is described as broken access control allowing exploitation due to incorrectly configured access control security leve...
CVE-2025-68042 WordPress Travelpayouts plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.2...
WordPress plugin Travelpayouts 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-21080
Name of the Vulnerable Software and Affected Versions Travelpayouts versions through 1.2.1 Description An authorization issue exists in Travelpayouts travelpayouts, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Travelpayouts to a version...
WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Travelpayouts versions = 1.2.1...
EUVD-2023-58206
Malicious code in bioql PyPI...
EUVD-2023-58204
Malicious code in bioql PyPI...
CVE-2024-0337
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Travelpayouts plugin < 1.1.13 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Travelpayouts versions 1.1.13...
WordPress Travelpayouts plugin < 1.1.14 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Travelpayouts versions 1.1.14...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...