wptravelengine CVE Vulnerabilities & CVE List (9)

Products (CPE): — CVEs: 9

wptravelengine vulnerability overview

Aggregates CVE and security vulnerability intelligence across all wptravelengine-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk file inclusion and vendor risk sql injection and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.

Vulnerability distribution trend (last 24 months)

Showing 19 of 9 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-5282 The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts. [email protected] 7.5 0.26% 2025-06-13 2026-06-17
CVE-2025-30870 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.3.5. [email protected] 8.1 0.69% 2025-04-01 2026-06-17
CVE-2025-30871 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.3.5. [email protected] 7.5 0.91% 2025-03-27 2026-06-17
CVE-2024-10606 The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates. [email protected] 4.3 0.29% 2024-11-23 2026-06-17
CVE-2024-37944 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1. [email protected] 6.5 0.26% 2024-07-20 2026-06-17
CVE-2024-32798 Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0. [email protected] 7.5 0.34% 2024-06-09 2026-06-17
CVE-2024-30504 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. [email protected] 7.6 0.56% 2024-03-29 2026-06-17
CVE-2024-30502 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. [email protected] 9.3 2.27% 2024-03-29 2026-06-17
CVE-2021-24680 The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed [email protected] 5.4 0.60% 2022-01-03 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence