Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wptravelengine — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting wptravelengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wptravelengine:WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareTravel MonsterWP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and ElementorTravel Booking
CVE IDTitleCVSSSeverityPublished
CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-79 6.4 Medium2026-04-04
CVE-2026-32486 WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability — Travel BookingCWE-862 8.2 -2026-03-13
CVE-2026-24607 WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability — Travel MonsterCWE-862 5.3 Medium2026-01-23
CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-98 9.8 Critical2025-10-09
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-22 9.8 Critical2025-10-09
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-862 7.5 High2025-06-13
CVE-2024-37272 WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Travel MonsterCWE-352 4.3 Medium2025-01-02
CVE-2024-12272 WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion — WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and ElementorCWE-98 8.8 High2024-12-25
CVE-2024-10606 WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-862 4.3 Medium2024-11-23

This page lists every published CVE security advisory associated with wptravelengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.