14 matches found
CVE-2026-49770
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
CVE-2026-49078
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
EUVD-2026-36893
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
PT-2026-49169
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.11 Description An unauthenticated issue exists in the WP Travel Engine plugin that allows for an unspecified vulnerability type to be exploited without requiring user authentication. Recommendations Updat...
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...
PT-2025-39048
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions through 1.4.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Cross-site Scripting XSS. This specific instance is a Stored XSS issue, meaning...
CVE-2025-5282
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
CVE-2025-30871
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...
WordPress plugin WP Travel Engine 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-10606
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpteonboardsavefunctioncallback function in all versions up to, and including, 6.2.1. This makes it possible for...
CVE-2024-37944
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1...
PT-2024-24871 · WordPress · Wp Travel Engine
Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in WP Travel Engine. This vulnerability affects WP Travel Engine versions prior to 5.8.0. Recommendations: For WP Travel Engin...
PT-2024-23429
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions through 5.7.9 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious...