7 matches found
CVE-2025-5282
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
WordPress WP Travel Engine plugin <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Travel Engine versions = 6.5.1...
CVE-2025-5282
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
CVE-2025-5282
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
CVE-2025-5282
CVE-2025-5282 : WP Travel Engine – Tour Booking Plugin (WordPress) versions up to and including 6.5.1 are vulnerable due to a missing capability check in delete_package(), allowing unauthenticated attackers to delete arbitrary posts. The issue is confirmed in multiple sources (NVD entry, Red Hat ...
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...