WP Travel Engine
WP Travel Engine
Developer
6.6.9
Latest version
20,000
Installations
Oct 27, 2025
Last updated
Vulnerability history
0 present
15 fixed
7 Mitigation rules
- Unauthenticated Local File Inclusion vulnerability<= 6.6.7Oct 8, 2025
- Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming vulnerability<= 6.6.7Oct 8, 2025
- Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability<= 6.5.1Jun 13, 2025
- Local File Inclusion Vulnerability<= 6.5.1Jun 5, 2025
- Local File Inclusion vulnerability<= 6.3.5Mar 27, 2025
- Local File Inclusion vulnerability<= 6.3.5Mar 27, 2025
- Missing Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability<= 6.2.1Nov 22, 2024
- Cross Site Scripting (XSS) vulnerability<= 5.9.1Jul 10, 2024
- Price Manipulation vulnerability<= 5.8.0Apr 22, 2024
- SQL Injection vulnerability<= 5.7.9Mar 28, 2024
- Unauth. Blind SQL Injection vulnerability<= 5.7.9Mar 28, 2024
- Reflected Cross Site Scripting (XSS) vulnerability< 5.7.5Jul 18, 2023
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 5.3.7Feb 28, 2022
- Sensitive Information Disclosure vulnerability<= 5.3.7Feb 28, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.3.0Dec 1, 2021