Wptravelengine

Wp Travel Engine

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-59574

  • EPSS 0.03%
  • Published 22.09.2025 19:16:25
  • Last modified 22.09.2025 21:22:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2.

7.5

CVE-2025-5282

  • EPSS 0.1%
  • Published 13.06.2025 03:41:45
  • Last modified 10.07.2025 00:35:40

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This m...

7.5

CVE-2025-49308

  • EPSS 0.22%
  • Published 06.06.2025 12:53:49
  • Last modified 06.06.2025 14:06:58

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1.

9.8

CVE-2025-30870

  • EPSS 0.11%
  • Published 01.04.2025 06:15:53
  • Last modified 27.05.2025 18:39:31

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.

7.5

CVE-2025-30871

  • EPSS 0.11%
  • Published 27.03.2025 10:55:36
  • Last modified 09.06.2025 19:04:53

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.

4.3

CVE-2024-10606

  • EPSS 0.09%
  • Published 23.11.2024 05:15:05
  • Last modified 11.02.2025 17:40:39

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to,...

5.4

CVE-2024-37944

  • EPSS 0.12%
  • Published 20.07.2024 09:15:06
  • Last modified 11.02.2025 21:44:38

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1.

5.3

CVE-2024-32798

  • EPSS 0.24%
  • Published 09.06.2024 13:15:51
  • Last modified 10.02.2025 15:47:49

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

9.8

CVE-2024-30502

  • EPSS 0.59%
  • Published 29.03.2024 15:15:13
  • Last modified 11.02.2025 16:18:02

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.

7.2

CVE-2024-30504

  • EPSS 0.56%
  • Published 29.03.2024 15:15:13
  • Last modified 11.02.2025 16:14:45

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.