WP Travel Pro <= 10.6.0 Unauthenticated Arbitrary User Deletion via REST API (CVE-2026-4290)

www.wordfence.com 2026-06-02查看中文 →

Security AdvisoryCVE-2026-4290CriticalDefiant Inc.

Affected:

WP Travel Pro <= 10.6.0

Referenced CVEs: CVE-2026-4290 · 9.1

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from www.wordfence.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

WordPress OTP Login Plugin Unauthenticated Auth Bypass via Firebase (CVE-2026-3655) 2026-06-02 WordPress Simply Schedule Appointments Missing Authorization Arbitrary Modification (CVE-2026-6937) 2026-06-02 PDF Embedder WordPress Plugin Information Disclosure via Block Editor 2026-06-02 Easy Digital Downloads <= 3.6.7 CSRF to Payment Account Hijacking via square_tokens (CVE-2026-7533) 2026-06-02 WordPress Automotive Car Dealership Business Theme <=13.4.1 Authenticated Stored XSS via project_details (CVE-2025-14042 2026-06-02

Offline Archive

Offline screenshot & PDF are Pro-exclusive