Vulnerabilities and security researches fortour-booking-manager tour-booking-manager

Jun 07, 2024

CVE, Research URL: CVE-2024-0434
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: May 29, 2024
Research Description: The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.
Affected versions: max 1.7.2.
Status: vulnerable

CVE, Research URL: CVE-2024-32450
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpTravelly.This issue affects WpTravelly: from n/a through 1.6.0.
Affected versions: max 1.6.1.
Status: vulnerable

Aug 13, 2024

CVE, Research URL: CVE-2024-43212
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
Affected versions: max 1.7.8.
Status: vulnerable

Jan 17, 2025

CVE, Research URL: CVE-2025-22737
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Jan 15, 2025
Research Description: Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.8.5.
Affected versions: max 1.8.6.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30891
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Mar 27, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7.
Affected versions: max 1.8.8.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2025-30892
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Apr 02, 2025
Research Description: Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly allows Object Injection. This issue affects WpTravelly: from n/a through 1.8.7.
Affected versions: max 1.8.8.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-39565
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: Apr 08, 2026
Research Description: Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7.
Affected versions: max 2.1.8.
Status: vulnerable

May 28, 2026

CVE, Research URL: CVE-2026-27331
Home page URL: Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Application: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Date: May 27, 2026
Research Description: Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
Affected versions: max 2.1.6.
Status: vulnerable