NotCVE - vendor:"Wptravelengine" product:"Wp Travel Engine" version:"

8 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-49308 – WordPress WP Travel Engine <= 6.5.1 - Local File Inclusion Vulnerability

https://notcve.org/view.php?id=CVE-2025-49308

05 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1. The WP Travel Engine plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.5.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the ser... • https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-6-5-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-30871 – WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability

https://notcve.org/view.php?id=CVE-2025-30871

27 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5. The WP Travel Engine plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.5. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the ser... • https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-3-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-30870 – WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability

https://notcve.org/view.php?id=CVE-2025-30870

27 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5. The WP Travel Engine plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.3.5. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP c... • https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-3-5-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-37944 – WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 5.9.1 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-37944

10 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WP Travel Engine permite XSS almacenado. Este problema afecta a WP Travel Engine: desde n/a hasta 5.9.1. The WP Travel Engine plugin for WordPress is vulnerable to Stored Cross-S... • https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-tour-booking-plugin-tour-operator-software-plugin-5-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-32798 – WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability

https://notcve.org/view.php?id=CVE-2024-32798

22 Apr 2024 — Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0. Vulnerabilidad de autorización faltante en WP Travel Engine. Este problema afecta a WP Travel Engine: desde n/a hasta 5.8.0. The WP Travel Engine – Best Travel Booking WordPress Plugin plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 5.8.0. This is due to the plugin not properly validating a price. • https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-8-0-price-manipulation-vulnerability?_s_id=cve • CWE-472: External Control of Assumed-Immutable Web Parameter CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-30502 – WordPress WP Travel Engine plugin <= 5.7.9 - Unauth. Blind SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-30502

28 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en WP Travel Engine. Este problema afecta a WP Travel Engine: desde n/a hasta 5.7.9. The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficien... • https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-7-9-unauth-blind-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-30504 – WordPress WP Travel Engine plugin <= 5.7.9 - SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-30504

28 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en WP Travel Engine. Este problema afecta a WP Travel Engine: desde n/a hasta 5.7.9. The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficien... • https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-plugin-5-7-9-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24680 – WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24680

01 Dec 2021 — The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed El plugin WP Travel Engine de WordPress versiones anteriores a 5.3.1, no escapa del campo Description field en las páginas Trip Destination/Activities/Trip Type y Pricing Category, permitiendo a usuarios... • https://wpscan.com/vulnerability/30f2a0d5-7959-436c-9860-2535020e82d3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •