cleantalk
Vulnerabilities and Security Researches

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly, CVE-2026-27331

CVE, Research URL

CVE-2026-27331

Home page URL

Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Application

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Published on
May 27, 2026
Research Description
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
Affected versions
max 2.1.6.
Status
vulnerable
Previous vulnerability researches
Enable jQuery Migrate Helper (CVE-2026-3279) , May 27, 2026
New vulnerability
Mutual Funds Data (CVE-2026-8869) , May 28, 2026
CDN Linker lite (CVE-2026-8941) , May 28, 2026
Team Master – A Modern WordPress Team Showcase (CVE-2026-8870) , May 28, 2026
Animate Your Content (CVE-2026-8872) , May 28, 2026
rexCrawler (CVE-2026-2280) , May 28, 2026