CVE-2026-27331 WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

CVE-2026-27331

Summary: CVE-2026-27331 affects the WordPress plugin WpTravelly (

CVE-2024-0434

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbmnewplacesave' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through = 1.8.7...

CVE-2025-30892

WpTravelly (WordPress Tour & Travel Booking Plugin) has a Deserialization of Untrusted Data vulnerability enabling PHP Object Injection in versions up to 1.8.7. The vulnerability has a high overall impact (CVSS 3.1: 8.8) affecting confidentiality, integrity, and availability. The issue is labeled...

WordPress plugin WpTravelly 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-22737 WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through = 1.8.5...

CVE-2025-22737 WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through = 1.8.5...

CVE-2025-22737

CVE-2025-22737 describes a Missing Authorization vulnerability in MagePeople Team WpTravelly (WordPress plugin/component). The description across sources indicates that access to certain functionality is not properly constrained by ACLs in WpTravelly versions up to 1.8.5. The CVSS vector from Pat...

WordPress plugin WpTravelly 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin WpTravelly versions = 1.8.5...

WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WpTravelly versions = 1.7.7...

PT-2024-15558 · WordPress · Wptravelly

Name of the Vulnerable Software and Affected Versions: WpTravelly plugin for WordPress versions prior to 1.7.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the ttbm new place save function. This enables unauthenticated attackers to create an...