cleantalk
Vulnerabilities and Security Researches

Travelpayouts: All Travel Brands in One Place, CVE-2025-68042

CVE, Research URL

CVE-2025-68042

Home page URL

Security reports for Travelpayouts: All Travel Brands in One Place

Application

Travelpayouts: All Travel Brands in One Place

Published on
Feb 20, 2026
Research Description
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.1.
Affected versions
max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Responsive Lightbox2 (CVE-2022-3987) , Jun 07, 2024
Responsive Lightbox2 (3a708e667647cfc7347348989e4ffa77f2b38c04) , Jun 07, 2024
Responsive Lightbox &amp; Gallery (CVE-2025-15386) , Feb 27, 2026
Responsive Lightbox &amp; Gallery (CVE-2024-43924) , Aug 29, 2024
Responsive Lightbox &amp; Gallery (CVE-2013-6837) , Jun 07, 2024
New vulnerability
Visitor Maps Extended Referer Field (CVE-2025-69389) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24942) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-23549) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24954) , Feb 28, 2026
Library Management System (CVE-2025-12707) , Feb 28, 2026