cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-travel wp-travel

Direction: descending
May 14, 2026

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-45218

CVE, Research URL

CVE-2026-45218

Home page URL

Security reports for WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine

Date
May 12, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.
Affected versions
max 11.5.0.
Status
vulnerable
Jan 27, 2026

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2026-24568

CVE, Research URL

CVE-2026-24568

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Jan 23, 2026
Research Description
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.
Affected versions
max 11.0.0.
Status
vulnerable
Feb 05, 2025

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2025-22691

CVE, Research URL

CVE-2025-22691

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Feb 03, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.
Affected versions
max 10.1.4.
Status
vulnerable
Jan 10, 2025

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-12067

CVE, Research URL

CVE-2024-12067

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Jan 09, 2025
Research Description
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 10.0.0.
Status
vulnerable
Dec 08, 2024

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-53813

CVE, Research URL

CVE-2024-53813

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Dec 06, 2024
Research Description
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.
Affected versions
max 9.7.0.
Status
vulnerable
Sep 28, 2024

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2024-44039

CVE, Research URL

CVE-2024-44039

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Oct 06, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS.This issue affects WP Travel: from n/a through 9.3.1.
Affected versions
max 9.4.0.
Status
vulnerable
Jun 10, 2024

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2023-47224

CVE, Research URL

CVE-2023-47224

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Jan 02, 2025
Research Description
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0.
Affected versions
max 7.8.1.
Status
vulnerable
Jun 07, 2024

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4342

CVE, Research URL

-

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Jun 07, 2023
Research Description
Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions
max 4.4.7.
Status
vulnerable

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # 1bf3008a7996a1f0c45510d33cb7fba66437e59f

CVE, Research URL

1bf3008a7996a1f0c45510d33cb7fba66437e59f

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Mar 01, 2021
Research Description
WP Travel &#8211; Ultimate Travel Booking System, Tour Management Engine [wp-travel] < 4.4.7 WordPress WP Travel plugin <= 4.4.6 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability found by NintechNet in WordPress WP Travel plugin (versions <= 4.4.6).
Affected versions
max 4.4.7.
Status
vulnerable

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine # CVE-2021-4389

CVE, Research URL

CVE-2021-4389

Home page URL

Security reports for WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Application

WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine

Date
Jul 01, 2023
Research Description
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.2.0.
Status
vulnerable