目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

wptravelengine 厂商漏洞列表 / CVE 中文分析 9

wptravelengine 厂商相关 9 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

该旅行主题WordPress插件提供旅游网站构建功能,支持行程管理、预订系统等核心业务。历史上存在多个安全漏洞,包括跨站脚本(XSS)、SQL注入、权限绕过和远程代码执行(RCE)等类型,其中9条CVE记录反映了其安全风险。安全团队需关注输入验证不足和权限控制缺陷问题,建议及时更新至最新版本以修复已知漏洞。

CVE IDタイトルCVSS深刻度公開日
CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-79 6.4 Medium2026-04-04
CVE-2026-32486 WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability — Travel BookingCWE-862 5.3 Medium2026-03-13
CVE-2026-24607 WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability — Travel MonsterCWE-862 5.3 Medium2026-01-23
CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-98 9.8 Critical2025-10-09
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-22 9.8 Critical2025-10-09
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-862 7.5 High2025-06-13
CVE-2024-37272 WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Travel MonsterCWE-352 4.3 Medium2025-01-02
CVE-2024-12272 WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion — WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and ElementorCWE-98 8.8 High2024-12-25
CVE-2024-10606 WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-862 4.3 Medium2024-11-23

本页汇总了 wptravelengine 厂商截至目前公开的全部 9 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。