cleantalk
Vulnerabilities and Security Researches

Travelpayouts: All Travel Brands in One Place, CVE-2024-0337

CVE, Research URL

CVE-2024-0337

Home page URL

Security reports for Travelpayouts: All Travel Brands in One Place

Application

Travelpayouts: All Travel Brands in One Place

Published on
Mar 20, 2024
Research Description
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions
max 1.1.14.
Status
vulnerable
Previous vulnerability researches
Travelpayouts: All Travel Brands in One Place (CVE-2024-0337) , Jun 06, 2024
Travelpayouts: All Travel Brands in One Place (e0a7d8897771e852dbfe2e2a566b536c7e908324) , Jun 06, 2024
Travelpayouts: All Travel Brands in One Place (CVE-2025-68042) , Feb 28, 2026
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026