Lucene search
K

14 matches found

NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36893

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.27 views

CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.11 views

PT-2026-49169

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.11 Description An unauthenticated issue exists in the WP Travel Engine plugin that allows for an unspecified vulnerability type to be exploited without requiring user authentication. Recommendations Updat...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/09 5:23 a.m.5 views

CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

9.8CVSS7.2AI score0.00834EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.6 views

PT-2025-39048

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions through 1.4.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Cross-site Scripting XSS. This specific instance is a Stored XSS issue, meaning...

6.5CVSS5.5AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 2025/06/13 4:15 a.m.3 views

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.3 views

CVE-2025-30871

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

7.5CVSS7.2AI score0.00905EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

WordPress plugin WP Travel Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS8.5AI score0.00905EPSS
Exploits0References2
OSV
OSV
added 2024/11/23 5:15 a.m.3 views

CVE-2024-10606

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpteonboardsavefunctioncallback function in all versions up to, and including, 6.2.1. This makes it possible for...

4.3CVSS7.3AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2024/07/20 9:15 a.m.4 views

CVE-2024-37944

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1...

5.4CVSS5.8AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.6 views

PT-2024-24871 · WordPress · Wp Travel Engine

Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in WP Travel Engine. This vulnerability affects WP Travel Engine versions prior to 5.8.0. Recommendations: For WP Travel Engin...

7.5CVSS6.7AI score0.0034EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.4 views

PT-2024-23429

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions through 5.7.9 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious...

9.8CVSS7.3AI score0.02267EPSS
Exploits0References6
Rows per page
Query Builder