Lucene search
K

1733 matches found

Nuclei
Nuclei
added yesterday95 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

6.8CVSS6AI score0.03831EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday7 views

WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

9.8CVSS7.2AI score0.02267EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

4.6CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 6:0 a.m.17 views

CVE-2026-10834

The CVE covers the WP Travel Engine WordPress plugin (pre-6.8.1) where input validation for a user-supplied profile image path is insufficient before the file is moved. The vulnerability allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordP...

4.6CVSS6AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 6:0 a.m.36 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2025-69153

Mode C: CVE-2025-69153 affects the WordPress Trendy Travel theme (≤ 6.7). The issue is an unauthenticated reflected XSS in the Trendy Travel theme, enabling injection of script via user interaction. Impact is listed as low for confidentiality, integrity, and availability, with a CVSS ~7.1 (NETWOR...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.8 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.33 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54966

Name of the Vulnerable Software and Affected Versions Trendy Travel versions 6.7 and earlier Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the browser of a user without requiring prior authentication. Recommendations...

7.1CVSS6AI score0.0018EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/30 1:29 p.m.5 views

WordPress Trendy Travel theme <= 6.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Trendy Travel versions = 6.8...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-56059

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.24 views

CVE-2026-56059

The CVE-2026-56059 entry concerns the WordPress Travel Booking theme version up to 2.2.5, which is affected by an arbitrary file upload vulnerability in Subscriber context. The linked sources (NVD/CVE records) confirm the affected product and version range and classify the severity as critical wi...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.8 views

EUVD-2026-39713

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.13 views

CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:51 p.m.13 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS5.6AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50416

Name of the Vulnerable Software and Affected Versions WP Travel Gutenberg Blocks versions prior to 3.9.4 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

9.3CVSS5.7AI score0.00317EPSS
Exploits0References4
Rows per page
Query Builder