cleantalk
Vulnerabilities and Security Researches

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly, CVE-2026-27331

CVE, Research URL

CVE-2026-27331

Home page URL

Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Application

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Published on
May 27, 2026
Research Description
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
Affected versions
max 2.1.6.
Status
vulnerable
Previous vulnerability researches
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-39564) , Apr 14, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-44038) , Sep 28, 2024
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-24994) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-67973) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-43971) , Sep 01, 2024
New vulnerability
Mutual Funds Data (CVE-2026-8869) , May 28, 2026
CDN Linker lite (CVE-2026-8941) , May 28, 2026
Team Master – A Modern WordPress Team Showcase (CVE-2026-8870) , May 28, 2026
Animate Your Content (CVE-2026-8872) , May 28, 2026
rexCrawler (CVE-2026-2280) , May 28, 2026