CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11101

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00257EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28204

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.00547EPSS

Exploits0References1

RedhatCVE•added 2025/05/25 1:19 p.m.•5 views

CVE-2025-48292

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through = 5.3.8...

8.1CVSS5.9AI score0.00547EPSS

Exploits0References1

NVD•added 2025/05/23 1:15 p.m.•7 views

CVE-2025-48292

8.1CVSS0.00547EPSS

Exploits0References1

CVE•added 2025/05/23 12:43 p.m.•45 views

CVE-2025-48292

This entry describes CVE-2025-48292 affecting GoodLayers Tourmaster (WordPress plugin) up to version 5.3.8. The vulnerability is an improper control of filenames for include/require statements (PHP Remote File Inclusion), resulting in PHP Local File Inclusion. According to connected sources, it c...

8.1CVSS5.9AI score0.00547EPSS

Exploits0References1

Cvelist•added 2025/05/23 12:43 p.m.•12 views

CVE-2025-48292 WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability

8.1CVSS0.00547EPSS

Exploits0References1

Vulnrichment•added 2025/05/23 12:43 p.m.•4 views

CVE-2025-48292 WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability

8.1CVSS5.9AI score0.00547EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:10 a.m.•2 views

CVE-2024-12400

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

7.1CVSS6.7AI score0.00096EPSS

Exploits1References1

CNNVD•added 2025/05/23 12:0 a.m.•1 views

WordPress plugin Tourmaster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS7.6AI score0.00547EPSS

Exploits0References1

Positive Technologies•added 2025/05/23 12:0 a.m.•1 views

PT-2025-22791 · Goodlayers · Goodlayers Tourmaster

Name of the Vulnerable Software and Affected Versions: GoodLayers Tourmaster versions through 5.3.8 Description: The issue is related to improper control of filename for include/require statement in PHP programs, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...

8.1CVSS7.9AI score0.00547EPSS

Exploits0References3

Patchstack•added 2025/05/21 11:47 a.m.•4 views

WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Tourmaster versions = 5.3.8...

8.1CVSS6.7AI score0.00547EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/04/17 10:57 p.m.•10 views

CVE-2025-32923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through 5.4.1...

7.1CVSS7.2AI score0.00257EPSS

Exploits0References1

NVD•added 2025/04/15 10:15 p.m.•10 views

CVE-2025-32923

7.1CVSS0.00257EPSS

Exploits0References1

CVE•added 2025/04/15 9:53 p.m.•50 views

CVE-2025-32923

CVE-2025-32923 concerns the WordPress plugin Tourmaster (Tour Master – Tour Booking, Travel, Hotel) prior to version 5.4.1. It is a reflected XSS caused by improper input neutralization during web page generation. A fix is available in version 5.4.1 (patched).

7.1CVSS7.2AI score0.00257EPSS

Exploits0References1

Cvelist•added 2025/04/15 9:53 p.m.•12 views

CVE-2025-32923 WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00257EPSS

Exploits0References1

Vulnrichment•added 2025/04/15 9:53 p.m.•0 views

CVE-2025-32923 WordPress Tourmaster plugin < 5.4.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS8.6AI score0.00257EPSS

Exploits0References1

CNNVD•added 2025/04/15 12:0 a.m.•1 views

WordPress plugin Tourmaster 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

7.1CVSS7AI score0.00257EPSS

Exploits0References2

Patchstack•added 2025/02/17 10:22 p.m.•2 views

WordPress Tour Master plugin <= 5.3.6 - Authenticated (Subscriber+) SQL Injection via review_id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via reviewid Parameter vulnerability discovered by Aiden Thái An in WordPress Plugin Tourmaster versions = 5.3.6...

8.8CVSS8.1AI score0.00089EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/01/30 8:9 a.m.•2 views

WordPress Tourmaster plugin < 5.3.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Tourmaster versions 5.3.5...

7.1CVSS6.4AI score0.00096EPSS

Exploits1References1Affected Software1

NVD•added 2025/01/30 6:15 a.m.•6 views

CVE-2024-12400

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

7.1CVSS0.00096EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by