wptravelengine — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting wptravelengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Travel Engine is a WordPress plugin designed for travel agencies and tour operators to manage bookings, itineraries, and payments. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with nine CVEs documented. These issues often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights ongoing security challenges. Users are advised to maintain updated versions and implement additional security measures to mitigate potential risks associated with these vulnerabilities.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2437 | WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode — WP Travel Engine – Tour Booking Plugin – Tour Operator Software (CWE-79) | 6.4 | Medium | 2026-04-04 |
| CVE-2026-32486 | WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability — Travel Booking (CWE-862) | 5.3 | Medium | 2026-03-13 |
| CVE-2026-24607 | WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability — Travel Monster (CWE-862) | 5.3 | Medium | 2026-01-23 |
| CVE-2025-7634 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion — WP Travel Engine – Tour Booking Plugin – Tour Operator Software (CWE-98) | 9.8 | Critical | 2025-10-09 |
| CVE-2025-7526 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming — WP Travel Engine – Tour Booking Plugin – Tour Operator Software (CWE-22) | 9.8 | Critical | 2025-10-09 |
| CVE-2025-5282 | WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — WP Travel Engine – Tour Booking Plugin – Tour Operator Software (CWE-862) | 7.5 | High | 2025-06-13 |
| CVE-2024-37272 | WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Travel Monster (CWE-352) | 4.3 | Medium | 2025-01-02 |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion — WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor (CWE-98) | 8.8 | High | 2024-12-25 |
| CVE-2024-10606 | WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update — WP Travel Engine – Tour Booking Plugin – Tour Operator Software (CWE-862) | 4.3 | Medium | 2024-11-23 |

This page lists every published CVE security advisory associated with wptravelengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.