cleantalk
Vulnerabilities and Security Researches

Travelpayouts: All Travel Brands in One Place, CVE-2025-68042

CVE, Research URL

CVE-2025-68042

Home page URL

Security reports for Travelpayouts: All Travel Brands in One Place

Application

Travelpayouts: All Travel Brands in One Place

Published on
Feb 20, 2026
Research Description
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.1.
Affected versions
max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Woo File Dropzone (CVE-2025-68862) , Feb 27, 2026
New vulnerability
MailChimp List Subscribe Form (CVE-2025-12172) , Feb 28, 2026
Visitor Maps Extended Referer Field (CVE-2025-69389) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24942) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-23549) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24954) , Feb 28, 2026