33 matches found
CVE-2026-25449
CVE-2026-25449 : The WordPress Traveler theme (Shinetheme Traveler) is affected prior to version 3.2.8.1 by a PHP object injection vulnerability caused by deserialization of untrusted data. The issue affects Traveler components (described as before 3.2.8.1) and is rated critical (CVSS 3.1 base sc...
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1...
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through 3.2.8.1...
PT-2026-26058
🚨 CVE-2026-25449: WordPress Traveler theme 3.2.8... PHP object injection in WordPress Traveler theme with 9.8 CVSS and zero auth requirements - RCE goldmine for mass WordP... https://t.co/VFpIhT0XqE netsec vulnerability CVE sysadmin zeroday...
WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions 3.2.8...
CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...
CVE-2026-24367
CVE-2026-24367 (WordPress Traveler theme) is a SQL Injection vulnerability in Traveler that allows blind SQL injection. Affected software: Traveler versions before 3.2.8 (i.e.,
CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...
CVE-2025-67917 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...
CVE-2025-67917
CVE-2025-67917 describes a Missing Authorization vulnerability in Travel Traveler (Travel Booking WordPress Theme), affecting Travel Traveler up to version 3.2.6. The root cause is incorrectly configured access control that could allow unauthorized access to certain resources. Wordfence documenta...
CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.6...
CVE-2025-64371
The CVE-2025-64371 entry concerns the WordPress Traveler theme (Traveler) with a SQL Injection vulnerability in versions prior to 3.2.6. The root cause is improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected product/version: WordPress Traveler theme ...
CVE-2025-63028 WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...
CVE-2025-63028
CVE-2025-63028 : WordPress Traveler theme (Traveller)
WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions 3.2.6...
CVE-2025-59012 WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.3...
CVE-2025-59012 WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.3...
CVE-2025-59011 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through 3.2.3...
CVE-2025-59011 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through 3.2.3...
WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions 3.2.3...