PT-2026-50416

Name of the Vulnerable Software and Affected Versions WP Travel Gutenberg Blocks versions prior to 3.9.4 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

EUVD-2026-36877

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

CVE-2026-49078

Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.

PT-2026-49343

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...

CVE-2026-45218

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

WordPress WP Travel Pro plugin <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability discovered by Ren Voza in WordPress Plugin WP Travel Pro versions = 10.6.0...

EUVD-2026-29458

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

CVE-2026-45218

Summary: WP Travel WordPress plugin (versions

CVE-2026-45218 WordPress WP Travel plugin <= 11.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

WordPress plugin WP Travel SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2026-18983

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in the wte_trip_tax shortcode, impacting all versions up to and including 6.7.5. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabl...

CVE-2026-24568

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...

CVE-2026-24568

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...

CVE-2026-24568

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.0.0...

CVE-2026-24568 WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...

CVE-2025-62063

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks.This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.2...

EUVD-2025-35371

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks.This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.2...

CVE-2025-62063 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks.This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.2...