Lucene search
+L

107 matches found

Nuclei
Nuclei
added 10 hours ago16 views

WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting

The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting XSS in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin = 2.11.7 - Cross-Site Scripting...

7.1CVSS8.2AI score0.00622EPSS
Exploits0References4
NVD
NVD
added 6 days ago6 views

CVE-2026-57395

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 6 days ago4 views

CVE-2026-57392

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-57392

The CVE-2026-57392 entry concerns the WordPress Tourfic plugin (versions up to 2.22.5) with a Missing Authorization / Broken Access Control vulnerability. The root cause is misconfigured access control, enabling unauthorized access to protected resources or actions. Impact is described as broken ...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57395 WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-57395

CVE-2026-57395 affects the WordPress Tourfic plugin (versions

6.5CVSS6.1AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-57392 WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00242EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 9:34 a.m.5 views

WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sandesh Gawai in WordPress Plugin Tourfic versions = 2.22.5...

6.5CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 9:0 a.m.5 views

WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ramshath in WordPress Plugin Tourfic versions = 2.22.5...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56064

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56064 WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56064

CVE-2026-56064 describes a Subscriber SQL Injection in the WordPress Tourfic plugin versions ≤ 2.22.5. The connected sources confirm the vulnerability type and affected product; no concrete exploit path, mitigation, or fixed version is provided in the supplied documents. CVSSv3.1 metrics show a b...

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39718

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:21 a.m.8 views

WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions = 2.22.7...

7.5CVSS6AI score0.00304EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 8:16 a.m.11 views

CVE-2026-12937

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 6:51 a.m.33 views

CVE-2026-12937 Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS0.00304EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 6:51 a.m.24 views

CVE-2026-12937

CVE-2026-12937 concerns the Tourfic WordPress plugin (versions ≤ 2.22.7). The issue is a generic SQL Injection via the post_id parameter caused by insufficient escaping and lack of prepared statements in the vulnerable SQL path. The vulnerability is exploitable by unauthenticated users, who can a...

7.5CVSS6AI score0.00304EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.4 views

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20199

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.9AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.5 views

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

5.3CVSS0.00221EPSS
Exploits0References1
Rows per page
Query Builder