Shinetheme Traveler
14 CVEs affecting Shinetheme Traveler. Latest disclosed: 2026-03-18. Critical: 4, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25449 | Critical | 9.8 | 2026-03-18 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1. |
CVE-2025-52714 | Critical | 9.3 | 2025-07-16 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection.This is… |
CVE-2025-26898 | Critical | 9.3 | 2025-03-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler… |
CVE-2025-26873 | Critical | 9.0 | 2025-03-27 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. |
CVE-2026-24367 | High | 8.5 | 2026-01-22 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.T… |
CVE-2025-64371 | High | 8.5 | 2025-12-18 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.T… |
CVE-2025-26733 | High | 8.2 | 2025-03-27 | Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. |
CVE-2025-64373 | High | 8.1 | 2025-12-18 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PH… |
CVE-2025-26956 | High | 7.6 | 2025-03-27 | Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. |
CVE-2025-59011 | High | 7.5 | 2025-09-26 | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… |
CVE-2025-64372 | High | 7.1 | 2025-12-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This is… |
CVE-2025-59012 | High | 7.1 | 2025-09-26 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This is… |
CVE-2025-67917 | Medium | 6.5 | 2026-01-08 | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… |
CVE-2025-63028 | Medium | 5.3 | 2025-12-09 | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… |