cleantalk
Vulnerabilities and Security Researches

Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking, CVE-2026-39543

CVE, Research URL

CVE-2026-39543

Home page URL

Security reports for Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking

Application

Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking

Published on
Apr 08, 2026
Research Description
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.
Affected versions
max 2.21.5.
Status
vulnerable
Previous vulnerability researches
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-8860) , Apr 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2025-24650) , Jan 25, 2025
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-12032) , Dec 26, 2024
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-39543) , Apr 13, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-29137) , Jun 07, 2024
New vulnerability
Easy FancyBox &#8211; WordPress Lightbox Plugin (CVE-2025-5035) , Apr 26, 2026
Elementor Header &amp; Footer Builder (CVE-2025-9703) , Apr 26, 2026
Event Tickets Manager for WooCommerce – Events and Bookings Calendar, Registration, Event Check-in Using Emails, Edit Your T (CVE-2026-34898) , Apr 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-8860) , Apr 26, 2026
Responsive Lightbox &amp; Gallery (CVE-2025-9710) , Apr 26, 2026