cleantalk
Vulnerabilities and Security Researches

WP Travel Engine – Best Travel Booking WordPress Plugin, CVE-2025-49308

CVE, Research URL

CVE-2025-49308

Home page URL

Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin

Application

WP Travel Engine – Best Travel Booking WordPress Plugin

Published on
Jun 06, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1.
Affected versions
Min -, max 6.5.2.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
Market Exporter (CVE-2025-49269) , Jun 15, 2025
Advanced Settings (CVE-2025-49865) , Jun 15, 2025
Profiler – What Slowing Down Your WP (CVE-2025-5814) , Jun 15, 2025
Digital Marketing and Agency Templates Addons for Elementor (CVE-2025-5938) , Jun 15, 2025
Admin Notes (CVE-2025-49446) , Jun 15, 2025