cleantalk
Vulnerabilities and Security Researches

WP Travel Engine – Best Travel Booking WordPress Plugin, CVE-2025-5282

CVE, Research URL

CVE-2025-5282

Home page URL

Security reports for WP Travel Engine – Best Travel Booking WordPress Plugin

Application

WP Travel Engine – Best Travel Booking WordPress Plugin

Published on
Jun 13, 2025
Research Description
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions
Min -, max 6.5.2.
Status
vulnerable
Previous vulnerability researches
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-30870) , May 06, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-37944) , Jul 14, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-10606) , Nov 24, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2022-4974) , Nov 15, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-5282) , Jun 15, 2025
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025