41 matches found

Cvelist
added 5 days ago, 30 views

CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions...

CVSS 9.9, EPSS 0.00362
Exploits: 0, References: 1

NVD
added 2026/06/17 2:17 p.m., 10 views

CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

CVSS 9.3, EPSS 0.00317
Exploits: 0, References: 1

EUVD
added 2026/06/17 1:51 p.m., 10 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

CVSS 9.3, AI score 5.6, EPSS 0.00317
Exploits: 0, References: 1

NVD
added 2026/06/15 9:17 p.m., 10 views

CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

CVSS 9.8, EPSS 0.00383
Exploits: 0, References: 1

NVD
added 2026/06/15 9:17 p.m., 10 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...

CVSS 7.5, EPSS 0.00252
Exploits: 0, References: 1

EUVD
added 2026/06/15 8:19 p.m., 9 views

EUVD-2026-36893

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

CVSS 9.8, AI score 5.3, EPSS 0.00383
Exploits: 0, References: 1

Cvelist
added 2026/06/15 8:19 p.m., 27 views

CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...

CVSS 7.5, EPSS 0.00252
Exploits: 0, References: 1

Positive Technologies
added 2026/06/14 12:0 a.m., 11 views

PT-2026-49169

Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions prior to 6.7.11. Description: An unauthenticated issue exists in the WP Travel Engine plugin that allows for an unspecified vulnerability type to be exploited without requiring user authentication. Recommendations: Updat...

CVSS 7.5, AI score 5.2, EPSS 0.00252
Exploits: 0, References: 3

Cvelist
added 2026/05/29 2:29 p.m., 48 views

CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

CVSS 9.1, EPSS 0.00258
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/29 2:29 p.m., 11 views

CVE-2026-4290

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

CVSS 9.1, AI score 5.9, EPSS 0.00258
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/12 11:2 a.m., 9 views

CVE-2026-45218

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a through = 11.4.0...

CVSS 7.7, AI score 5.8, EPSS 0.00209
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40016

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a through = 11.4.0...

CVSS 7.7, AI score 5.8, EPSS 0.00209
Exploits: 0, References: 2

NVD
added 2026/04/09 9:16 p.m., 9 views

CVE-2023-54358

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at...

CVSS 6.1, EPSS 0.00263
Exploits: 0, References: 4

Vulnrichment
added 2026/03/13 11:42 a.m., 5 views

CVE-2026-32486 WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9...

AI score 5.8, EPSS 0.00188
Exploits: 0, References: 1

Cvelist
added 2026/03/13 11:42 a.m., 29 views

CVE-2026-32486 WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9...

CVSS 5.3, EPSS 0.00188
Exploits: 0, References: 1

Cvelist
added 2026/03/13 11:41 a.m., 29 views

CVE-2026-32346 WordPress Travel Agency theme <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5...

CVSS 5.3, EPSS 0.00214
Exploits: 0, References: 1

CVE
added 2026/01/23 2:29 p.m., 10 views

CVE-2026-24607

CVE-2026-24607: Travel Monster WordPress theme up to 1.3.3 suffers Missing Authorization (Broken Access Control). The vulnerability affects Travel Monster (WordPress theme) and is currently unpatched according to sources, with advisories indicating to upgrade to a version later than 1.3.3. No exp...

CVSS 5.3, AI score 5.4, EPSS 0.00352
Exploits: 0, References: 1

CVE
added 2026/01/23 2:28 p.m., 11 views

CVE-2026-24568

CVE-2026-24568 (WP Travel) has concrete details: a Missing/Broken Authorization flaw in the WP Travel plugin, affecting versions up to and including 11.0.0. The issue arises from incorrectly configured access control security levels, enabling unauthorized access or actions. Public sources also in...

CVSS 5.3, AI score 5.9, EPSS 0.00214
Exploits: 0, References: 1

NVD
added 2025/10/22 3:16 p.m., 20 views

CVE-2025-62063

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks. This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.2...

CVSS 6.5, EPSS 0.0016
Exploits: 0, References: 1

Vulnrichment
added 2025/10/09 5:23 a.m., 5 views

CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

CVSS 9.8, AI score 7.2, EPSS 0.00834
Exploits: 0, References: 2