Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/06/15 4:10 a.m.6 views

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS7.3AI score0.0026EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/13 6:51 a.m.11 views

WordPress WP Travel Engine plugin <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Travel Engine versions = 6.5.1...

7.5CVSS6.8AI score0.0026EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/06/13 4:15 a.m.15 views

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS0.0026EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 4:15 a.m.4 views

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 3:41 a.m.5 views

CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS7.4AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 3:41 a.m.59 views

CVE-2025-5282

CVE-2025-5282 : WP Travel Engine – Tour Booking Plugin (WordPress) versions up to and including 6.5.1 are vulnerable due to a missing capability check in delete_package(), allowing unauthenticated attackers to delete arbitrary posts. The issue is confirmed in multiple sources (NVD entry, Red Hat ...

7.5CVSS7.4AI score0.0026EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/13 3:41 a.m.15 views

CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS0.0026EPSS
Exploits0References2
Rows per page
Query Builder