Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 47 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-8981 itsourcecode Online Tour and Travel Management System payment.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 20:02:06 Deep Dive
CVE-2025-8972 itsourcecode Online Tour and Travel Management System page-login.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 17:32:06 Deep Dive
CVE-2025-8971 itsourcecode Online Tour and Travel Management System travellers.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 17:02:09 Deep Dive
CVE-2025-8970 itsourcecode Online Tour and Travel Management System booking.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 17:02:07 Deep Dive
CVE-2025-8969 itsourcecode Online Tour and Travel Management System approve_user.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 16:32:09 Deep Dive
CVE-2025-8968 itsourcecode Online Tour and Travel Management System disapprove_user.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 16:32:06 Deep Dive
CVE-2025-8967 itsourcecode Online Tour and Travel Management System packages.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 16:02:07 Deep Dive
CVE-2025-8966 itsourcecode Online Tour and Travel Management System tax.php sql injection itsourcecodeOnline Tour and Travel Management System High 7.3 2025-08-14 15:32:08 Deep Dive
CVE-2025-6350 WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting rexthemeWP VR – 360 Panorama and Free Virtual Tour Builder For WordPress Medium 6.4 2025-06-28 03:22:00 Deep Dive
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion wptravelengineWP Travel Engine – Tour Booking Plugin – Tour Operator Software High 7.5 2025-06-13 03:41:45 Deep Dive
CVE-2025-39485 WordPress GrandTour theme <= 5.6 - PHP Object Injection vulnerability ThemeGoodsGrand Tour Critical 9.8 2025-05-23 12:43:55 Deep Dive
CVE-2024-13369 Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter GoodLayersTour Master - Tour Booking, Travel, Hotel Medium 6.5 2025-02-18 09:21:16 Deep Dive
CVE-2025-24566 WordPress Intro Tour Tutorial DeepPresentation plugin <= 6.5.2 - Reflected Cross Site Scripting (XSS) vulnerability Tomáš GroulíkIntro Tour Tutorial DeepPresentation High 7.1 2025-02-14 12:44:34 Deep Dive
CVE-2024-13542 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting pagupWP Google Street View (with 360° virtual tour) & Google maps + Local SEO Medium 6.4 2025-01-24 11:07:32 Deep Dive
CVE-2024-12067 WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection wptravelWP Travel – Ultimate Travel Booking System, Tour Management Engine Medium 6.5 2025-01-09 11:10:58 Deep Dive
CVE-2024-11466 Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting tomasgroulikIntro Tour Tutorial DeepPresentation Medium 6.1 2024-12-04 07:32:25 Deep Dive
CVE-2024-10606 WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update wptravelengineWP Travel Engine – Tour Booking Plugin – Tour Operator Software Medium 4.3 2024-11-23 04:32:22 Deep Dive
CVE-2024-9851 LSX Tour Operator <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload feedmymediaTour Operator Medium 6.4 2024-11-21 02:06:20 Deep Dive
CVE-2024-38690 WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability AvirtumiPanorama 360 WordPress Virtual Tour Builder Medium 5.3 2024-11-01 14:18:09 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive