Vulnerabilities in WPTravel

3 results

CVE-2021-4389MEDIUMWP Travel <= 4.4.6 - Cross-Site Request Forgery BypassEPSS 0.5%CVE-2024-12067MEDIUMWP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL InjectionEPSS 0.5%CVE-2026-4290CRITICALWP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including AdministratorsEPSS 0.3%