All 5 CVE vulnerabilities found in Travel Booking WordPress Theme, with AI-generated Chinese analysis, references, and POCs.
Vendor: ShineTheme
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2025-1771 | Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post CWE-98 | 9.8 | Critical | 2025-03-15 |
| CVE-2025-1773 | Traveler <= 3.1.8 - Reflected Cross-Site Scripting CWE-79 | 6.1 | Medium | 2025-03-15 |
| CVE-2024-12811 | Traveler <= 3.1.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode CWE-98 | 8.8 | High | 2025-02-27 |
| CVE-2024-11912 | Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id CWE-89 | 7.5 | High | 2024-12-18 |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions CWE-862 | 6.5 | Medium | 2024-12-18 |
All 5 known CVE vulnerabilities affecting Travel Booking WordPress Theme with full Chinese analysis, references, and POCs where available.