CVE-2025-24650 – WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-24650
24 Jan 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows uploading a web shell to a web server. This issue affects Tourfic: from n/a through 2.15.3. The Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.15.3. This makes it possible for authenticated attackers, with Administrator-level access an... • https://patchstack.com/database/wordpress/plugin/tourfic/vulnerability/wordpress-tourfic-plugin-2-15-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-29134 – WordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29134
18 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8. The Tourfic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and... • https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29135 – WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-29135
18 Mar 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15. The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and includi... • https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-29136 – WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-29136
18 Mar 2024 — Deserialization of Untrusted Data vulnerability in Themefic Tourfic. This issue affects Tourfic: from n/a through 2.11.17. The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.17 via deserialization of untrusted input... • https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
CVE-2024-29137 – WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29137
18 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS. This issue affects Tourfic: from n/a through 2.11.7. The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up t... • https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')