CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting

The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting XSS in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin = 2.11.7 - Cross-Site Scripting...

7.1CVSS7.2AI score0.00622EPSS

Exploits0References4

NVD•added 3 days ago•6 views

CVE-2026-56064

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS0.00278EPSS

Exploits0References1

CVE•added 3 days ago•7 views

CVE-2026-56064

CVE-2026-56064 describes a Subscriber SQL Injection in the WordPress Tourfic plugin versions ≤ 2.22.5. The connected sources confirm the vulnerability type and affected product; no concrete exploit path, mitigation, or fixed version is provided in the supplied documents. CVSSv3.1 metrics show a b...

8.5CVSS5.8AI score0.00278EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-39718

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS5.8AI score0.00278EPSS

Exploits0References1

Cvelist•added 3 days ago•31 views

CVE-2026-56064 WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS0.00278EPSS

Exploits0References1

Patchstack•added 4 days ago•6 views

WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions = 2.22.7...

7.5CVSS6AI score0.00304EPSS

Exploits0References1Affected Software1

NVD•added 4 days ago•6 views

CVE-2026-12937

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS0.00304EPSS

Exploits0References5

Cvelist•added 4 days ago•28 views

CVE-2026-12937 Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter

7.5CVSS0.00304EPSS

Exploits0References5

CVE•added 4 days ago•7 views

CVE-2026-12937

CVE-2026-12937 concerns the Tourfic WordPress plugin (versions ≤ 2.22.7). The issue is a generic SQL Injection via the post_id parameter caused by insufficient escaping and lack of prepared statements in the vulnerable SQL path. The vulnerability is exploitable by unauthenticated users, who can a...

7.5CVSS6AI score0.00304EPSS

Exploits0References5

RedhatCVE•added 2026/04/10 7:23 p.m.•1 views

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.3CVSS5.8AI score0.00221EPSS

Exploits0References1

EUVD•added 2026/04/08 9:31 a.m.•2 views

EUVD-2026-20199

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.9AI score0.00221EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•2 views

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.3CVSS0.00221EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39543 WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.8AI score0.00221EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.9AI score0.00221EPSS

Exploits0References2

CVE•added 2026/04/08 8:30 a.m.•7 views

CVE-2026-39543

CVE-2026-39543 affects the WordPress Tourfic plugin (versions

5.3CVSS5.9AI score0.00221EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•19 views

CVE-2026-39543 WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.3CVSS0.00221EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•3 views

PT-2026-31150

CVE-2026-39543 Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: fr… https://t.co/hCHVJGngBw...

5.3CVSS5.8AI score0.00221EPSS

Exploits0References3

CNNVD•added 2026/04/08 12:0 a.m.•4 views

WordPress plugin Tourfic 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00221EPSS

Exploits0References1

Patchstack•added 2026/03/28 3:54 a.m.•10 views

WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Tourfic versions = 2.21.4...

5.3CVSS5.9AI score0.00221EPSS

Exploits0Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-26173

Malicious code in bioql PyPI...

7.1CVSS8.8AI score0.00622EPSS

Exploits0References2