CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

EUVD-2026-36877

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

CVE-2026-49078

Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.

PT-2026-49343

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...

EUVD-2026-18983

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in the wte_trip_tax shortcode, impacting all versions up to and including 6.7.5. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabl...

CVE-2025-7526

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

CVE-2025-7526

CVE-2025-7526 affects WP Travel Engine – Tour Booking Plugin – Tour Operator Software for WordPress (versions

EUVD-2021-11592

Malware in sbrugna...

EUVD-2024-28422

Malicious code in bioql PyPI...

EUVD-2024-37035

Malicious code in bioql PyPI...

EUVD-2025-17260

Malicious code in bioql PyPI...

EUVD-2024-50736

Malicious code in bioql PyPI...

EUVD-2025-8326

Malicious code in bioql PyPI...

EUVD-2024-28424

Malicious code in bioql PyPI...

EUVD-2025-9086

Malicious code in bioql PyPI...

EUVD-2024-36901

Malicious code in bioql PyPI...

EUVD-2024-30584

Malicious code in bioql PyPI...

CVE-2025-59574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel Engine WP Travel Engine wte-elementor-widgets allows Stored XSS.This issue affects WP Travel Engine: from n/a through = 1.4.2...