cleantalk
Vulnerabilities and Security Researches

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly, CVE-2026-27331

CVE, Research URL

CVE-2026-27331

Home page URL

Security reports for WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Application

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Published on
May 27, 2026
Research Description
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
Affected versions
max 2.1.6.
Status
vulnerable
Previous vulnerability researches
VikBooking Hotel Booking Engine & PMS (CVE-2025-5803) , Apr 24, 2026
VikBooking Hotel Booking Engine & PMS (CVE-2026-42683) , May 28, 2026
VikBooking Hotel Booking Engine & PMS (CVE-2022-1408) , Jun 07, 2024
VikBooking Hotel Booking Engine & PMS (CVE-2023-24396) , Jun 07, 2024
VikBooking Hotel Booking Engine & PMS (CVE-2023-25707) , Jun 07, 2024
New vulnerability
Livemesh SiteOrigin Widgets (CVE-2026-3896) , May 28, 2026
SMTP2GO for WordPress – Email Made Easy (CVE-2026-7621) , May 28, 2026
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2026-42728) , May 28, 2026
Events In City (CVE-2026-8898) , May 28, 2026
ElementsKit Elementor addons (CVE-2026-49052) , May 28, 2026