Vulnerabilities and security researches forwp-travel-engine wp-travel-engine

Jun 07, 2024

CVE, Research URL: CVE-2021-24680
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Jan 03, 2022
Research Description: The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32798
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Jun 09, 2024
Research Description: Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30502
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Mar 29, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30504
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Mar 29, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.
Affected versions: Min -, max -.
Status: vulnerable

Jul 14, 2024

CVE, Research URL: CVE-2024-37944
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Nov 24, 2024

CVE, Research URL: CVE-2024-10606
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Nov 23, 2024
Research Description: The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30871
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Mar 27, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.
Affected versions: Min -, max -.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2025-30870
Home page URL: Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin
Application: WP Travel Engine – Best Travel Booking WordPress Plugin
Date: Apr 01, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.
Affected versions: Min -, max -.
Status: vulnerable