Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/29 2:29 p.m.52 views

CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.10 views

CVE-2026-45218

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 9:16 p.m.14 views

CVE-2023-54358

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at...

6.1CVSS0.00263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.7 views

CVE-2021-4389

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...

4.3CVSS5.8AI score0.00464EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.7 views

PT-2025-1534 · Wp Travel · Wp Travel

Name of the Vulnerable Software and Affected Versions: WP Travel versions prior to 7.8.0 Description: The issue is related to missing authorization in WP Travel, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions prior to 7.8.0, update to...

7.5CVSS9.5AI score0.00412EPSS
Exploits0References3
Rows per page
Query Builder