EUVD-2026-29458
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a through <= 11.4.0...
EUVD-2021-34216
Malicious code in bioql PyPI...
CVE-2024-12067
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...
CVE-2025-22691
CVE-2025-22691 is a SQL injection vulnerability in the WordPress plugin WP Travel. The issue arises from improper neutralization of input in SQL commands, affecting versions up to and including 10.1.0 (and referenced advisories extend to 10.1.3). The CVSS-derived base impact in the initial recor...
CVE-2025-22691 WordPress WP Travel plugin <= 10.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0...
CVE-2025-22691 WordPress WP Travel plugin <= 10.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection. This issue affects WP Travel: from n/a through <= 10.1.3...
WordPress WP Travel plugin <= 10.1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Travel (versions <= 10.1.3)...
CVE-2024-12067 WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...
CVE-2024-12067
CVE-2024-12067 affects the WordPress plugin pair WP Travel – Ultimate Travel Booking System, Tour Management Engine, with vulnerable versions up to 10.0.0. The vulnerability is an SQL Injection in the wptravel_get_booking_data function caused by insufficient escaping of the booking_itinerary para...
WordPress WP Travel plugin <= 10.0.0 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin WP Travel (versions <= 10.0.0)...
CVE-2023-47224 WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 7.8.0...
CVE-2021-4389 WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...
WordPress WP Travel plugin <= 4.4.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by NintechNet in WordPress WP Travel plugin (versions <= 4.4.6). Solution: Update the WordPress WP Travel plugin to the latest available version (at least 4.4.7)...