WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Tourfic versions = 2.21.4...

CVE-2025-24650

CVE-2025-24650 is a WordPress Tourfic plugin vulnerability (versions

CVE-2025-24650 WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3...

WordPress Tourfic Plugin <= 2.11.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tourfic Type Plugin Vulnerable versions = 2.11.20 Fixed in 2.11.21 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8319 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 59cc85267376 Credits WordFence Required privilege...

WordPress Tourfic Plugin <= 2.11.15 is vulnerable to Arbitrary File Upload

Software Tourfic Type Plugin Vulnerable versions = 2.11.15 Fixed in 2.11.16 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-29135 Patch priority High CVSS severity High 9.9 Developer Themefic PSID b543d4424f73 Credits LVT-tholv2k Required privilege Subscriber Publishe...

WordPress Tourfic Plugin <= 2.11.8 is vulnerable to Cross Site Scripting (XSS)

Software Tourfic Type Plugin Vulnerable versions = 2.11.8 Fixed in 2.11.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29134 Patch priority Low CVSS severity Low 6.5 Developer Themefic PSID a61f73e8cf31 Credits LVT-tholv2k Required privilege Contributor Publishe...