Vulnerabilities and security researches forwp-travel wp-travel

Direction: ascending

Jun 07, 2024

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4342

CVE, Research URL: -
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: max 4.4.7.
Status: vulnerable

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # 1bf3008a7996a1f0c45510d33cb7fba66437e59f

CVE, Research URL: 1bf3008a7996a1f0c45510d33cb7fba66437e59f
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Mar 01, 2021
Research Description: WP Travel – Ultimate Travel Booking System, Tour Management Engine [wp-travel] < 4.4.7 WordPress WP Travel plugin <= 4.4.6 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability found by NintechNet in WordPress WP Travel plugin (versions <= 4.4.6).
Affected versions: max 4.4.7.
Status: vulnerable

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4389

CVE, Research URL: CVE-2021-4389
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Jul 01, 2023
Research Description: The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.2.0.
Status: vulnerable

Jun 10, 2024

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2023-47224

CVE, Research URL: CVE-2023-47224
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0.
Affected versions: max 7.8.1.
Status: vulnerable

Sep 28, 2024

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-44039

CVE, Research URL: CVE-2024-44039
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS.This issue affects WP Travel: from n/a through 9.3.1.
Affected versions: max 9.4.0.
Status: vulnerable

Dec 08, 2024

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-53813

CVE, Research URL: CVE-2024-53813
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.
Affected versions: max 9.7.0.
Status: vulnerable

Jan 10, 2025

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-12067

CVE, Research URL: CVE-2024-12067
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Jan 09, 2025
Research Description: The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 10.0.0.
Status: vulnerable

Feb 05, 2025

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2025-22691

CVE, Research URL: CVE-2025-22691
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Feb 03, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.
Affected versions: max 10.1.4.
Status: vulnerable

Jan 27, 2026

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-24568

CVE, Research URL: CVE-2026-24568
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: Jan 23, 2026
Research Description: Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.
Affected versions: max 11.0.0.
Status: vulnerable

May 14, 2026

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-45218

CVE, Research URL: CVE-2026-45218
Home page URL: Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Application: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
Date: May 12, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.
Affected versions: max 11.5.0.
Status: vulnerable

Vulnerabilities and security researches forwp-travel wp-travel

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4342

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # 1bf3008a7996a1f0c45510d33cb7fba66437e59f

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4389

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2023-47224

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-44039

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-53813

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-12067

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2025-22691

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-24568

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-45218

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4342

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # 1bf3008a7996a1f0c45510d33cb7fba66437e59f

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4389

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2023-47224

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-44039

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-53813

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-12067

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2025-22691

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-24568

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-45218