CVE-2025-48292
- EPSS 0.32%
- Veröffentlicht 23.05.2025 12:43:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.3.8.
CVE-2024-13369
- EPSS 0.09%
- Veröffentlicht 18.02.2025 10:15:10
- Zuletzt bearbeitet 08.04.2026 18:20:00
The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘review_id’ parameter in all versions up to, and including, 5.3.7 due to insufficient escaping on the user supplied parameter and lac...
CVE-2024-12400
- EPSS 0.1%
- Veröffentlicht 30.01.2025 06:15:29
- Zuletzt bearbeitet 09.06.2025 21:20:17
The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
CVE-2024-11356
- EPSS 0.94%
- Veröffentlicht 06.01.2025 06:15:06
- Zuletzt bearbeitet 05.06.2025 21:06:45
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.