Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Travel — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting WP Travel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Travel is a WordPress plugin designed for travel agencies to manage tours, bookings, and itineraries. Historically, it has been susceptible to multiple remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. With nine CVEs recorded, these issues have allowed attackers to execute arbitrary code, steal session cookies, and gain elevated privileges. Notable incidents include flaws in the booking system that enabled unauthorized access to customer data and tour modifications. The plugin's frequent updates suggest ongoing security challenges, emphasizing the need for proper hardening and timely patching to mitigate risks.

Top products by WP Travel: WP Travel WP Travel Gutenberg Blocks
CVE IDTitleCVSSSeverityPublished
CVE-2026-24568 WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability — WP TravelCWE-862 5.3 Medium2026-01-23
CVE-2025-62063 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability — WP Travel Gutenberg BlocksCWE-79 6.5 Medium2025-10-22
CVE-2025-53207 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability — WP Travel Gutenberg BlocksCWE-98 8.1 High2025-08-20
CVE-2025-22691 WordPress WP Travel plugin <= 10.1.3 - SQL Injection vulnerability — WP TravelCWE-89 7.6 High2025-02-03
CVE-2023-47224 WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability — WP TravelCWE-862 7.5 High2025-01-02
CVE-2024-53813 WordPress WP Travel plugin <= 9.6.0 - Broken Access Control vulnerability — WP TravelCWE-862 6.5 Medium2024-12-06
CVE-2024-44039 WordPress WP Travel plugin <= 9.3.1 - Cross Site Scripting (XSS) vulnerability — WP TravelCWE-79 5.9 Medium2024-10-06
CVE-2024-47627 WordPress WP Travel Gutenberg Blocks plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability — WP Travel Gutenberg BlocksCWE-79 6.5 Medium2024-10-05
CVE-2024-43284 WordPress WP Travel Gutenberg Blocks plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability — WP Travel Gutenberg BlocksCWE-79 6.5 Medium2024-08-18

This page lists every published CVE security advisory associated with WP Travel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.