Vulnerabilidades en wptravelengine
10 resultadosCVE-2025-7526CRITICALWP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File RenamingEPSS 0.8%CVE-2025-7634CRITICALWP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File InclusionEPSS 0.8%CVE-2024-12272HIGHWP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File InclusionEPSS 0.7%CVE-2022-4974MEDIUMFreemius SDK <= 2.4.2 - Missing Authorization ChecksEPSS 0.4%CVE-2026-24607MEDIUMWordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10606MEDIUMWP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings UpdateEPSS 0.3%CVE-2025-5282HIGHWP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2026-32486MEDIUMWordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-37272MEDIUMWordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-2437MEDIUMWP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax ShortcodeEPSS 0.2%