VYPR

Tour Master

by Goodlayers

CVEs (2)

  • CVE-2025-32923HigApr 15, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through < 5.4.1.

  • CVE-2024-13369MedFeb 18, 2025
    risk 0.42cvss 6.5epss 0.00

    The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘review_id’ parameter in all versions up to, and including, 5.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient…