cleantalk
Vulnerabilities and Security Researches

WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor, CVE-2024-12272

CVE, Research URL

CVE-2024-12272

Home page URL

Security reports for WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor

Application

WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor

Published on
Dec 25, 2024
Research Description
The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions
max 1.3.8.
Status
vulnerable
Previous vulnerability researches
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2025-59574) , Apr 26, 2026
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2024-12272) , Dec 26, 2024
New vulnerability
WordPress Books Gallery (CVE-2026-5347) , Apr 26, 2026
LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course (CVE-2026-39524) , Apr 26, 2026
Newsletter – Send awesome emails from WordPress (CVE-2025-3582) , Apr 26, 2026
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Car (CVE-2024-4002) , Apr 26, 2026
Court Reservation – Manage Your Court Bookings Online (CVE-2026-1508) , Apr 26, 2026