Wptravelengine Wp Travel Engine – Tour Booking Plugin – Tour Operator Software
6 CVEs affecting Wptravelengine Wp Travel Engine – Tour Booking Plugin – Tour Operator Software. Latest disclosed: 2026-04-04. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-7634 | Critical | 9.8 | 2025-10-09 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu… |
CVE-2025-7526 | Critical | 9.8 | 2025-10-09 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insuffi… |
CVE-2025-5282 | High | 7.5 | 2025-06-13 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability… |
CVE-2026-2437 | Medium | 6.4 | 2026-04-04 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_tri… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
CVE-2024-10606 | Medium | 4.3 | 2024-11-23 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ca… |