cleantalk
Vulnerabilities and Security Researches

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly, CVE-2025-30891

CVE, Research URL

CVE-2025-30891

Home page URL

Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Application

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Published on
Mar 27, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7.
Affected versions
max 1.8.8.
Status
vulnerable
Previous vulnerability researches
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2024-43212) , Aug 13, 2024
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2025-22737) , Jan 17, 2025
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2024-0434) , Jun 07, 2024
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2024-32450) , Jun 07, 2024
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly (CVE-2026-39565) , Apr 13, 2026
New vulnerability
Events In City (CVE-2026-8898) , May 28, 2026
ElementsKit Elementor addons (CVE-2026-49052) , May 28, 2026
ElementsKit Elementor addons (CVE-2026-49053) , May 28, 2026
EnvíaloSimple: Email Marketing y Newsletters (CVE-2026-7618) , May 28, 2026
Shariff Wrapper (CVE-2026-4334) , May 28, 2026