20 matches found
CVE-2025-68042 WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.1...
CVE-2025-68042
CVE-2025-68042 is a Missing Authorization vulnerability in the WordPress Travelpayouts plugin, affecting versions up to and including 1.2.2 (per NVD/Red Hat/CVE lists). The issue is described as broken access control allowing exploitation due to incorrectly configured access control security leve...
WordPress plugin Travelpayouts 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Travelpayouts versions = 1.2.1...
EUVD-2023-58204
Malicious code in bioql PyPI...
CVE-2024-0337
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5934 Travelpayouts < 1.1.13 - Settings Update via CSRF
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5934 Travelpayouts < 1.1.13 - Settings Update via CSRF
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5932 Travelpayouts < 1.1.14 - Reflected XSS
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5932 Travelpayouts < 1.1.14 - Reflected XSS
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Travelpayouts: All Travel Brands in One Place 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Travelpayouts: All Travel Brands in One Place 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Travelpayouts Plugin <= 1.1.16 is vulnerable to Open Redirection
Software Travelpayouts Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-0337 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 22ec7383525a Credits Krzysztof Zając CERT PL Required privilege...
PT-2024-15475 · WordPress · Travelpayouts: All Travel Brands In One Place
Name of the Vulnerable Software and Affected Versions: Travelpayouts: All Travel Brands in One Place WordPress plugin versions 1.1.15 and earlier Description: The issue is related to insufficient validation on the travelpayouts redirect variable, making it possible for unauthenticated attackers t...