Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin, with AI-generated Chinese analysis, references, and POCs.

Vendor: themefic

CVE ID	Title	CVSS	Severity	Published
CVE-2024-8860	Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions CWE-862	4.3	Medium	2025-08-26
CVE-2024-12032	Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection CWE-89	6.5	Medium	2024-12-25
CVE-2024-8319	Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions CWE-352	4.3	Medium	2024-08-30

All 3 known CVE vulnerabilities affecting Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin — Vulnerabilities & Security Advisories 3