CVE-2023-5932
- EPSS 0.05%
- Published 15.05.2025 20:15:28
- Last modified 04.06.2025 16:30:14
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege us...
CVE-2023-5934
- EPSS 0.04%
- Published 15.05.2025 20:15:28
- Last modified 04.06.2025 16:37:15
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have a CSRF check in place when importing settings from v1, which could allow attackers to make a logged-in admin update some settings via a CSRF attack.
CVE-2024-0337
- EPSS 1.76%
- Published 20.03.2024 05:15:45
- Last modified 05.05.2025 18:48:54
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect u...