cleantalk
Vulnerabilities and Security Researches

WP Travel Engine – Best Travel Booking WordPress Plugin, CVE-2025-30870

CVE, Research URL

CVE-2025-30870

Home page URL

Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin

Application

WP Travel Engine – Best Travel Booking WordPress Plugin

Published on
Apr 01, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.
Affected versions
Min -, max 6.3.6.
Status
vulnerable
Previous vulnerability researches
External image replace (CVE-2025-30535) , Mar 26, 2025
External image replace (CVE-2025-4279) , May 06, 2025
New vulnerability
Notibar – Notification Bar for WordPress (CVE-2024-11012) , May 07, 2025
Cision Block (CVE-2025-3782) , May 07, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2022-4974) , May 07, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-13358) , May 07, 2025
kStats Reloaded (CVE-2025-46440) , May 07, 2025