VYPR

Travel Booking Wordpress Theme

by Shinetheme

CVEs (3)

  • CVE-2024-11926MedDec 18, 2024
    risk 0.42cvss 6.5epss 0.00

    The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and…

  • CVE-2025-1771Mar 15, 2025
    risk 0.00cvss epss 0.01

    The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the…

  • CVE-2025-1773Mar 15, 2025
    risk 0.00cvss epss 0.00

    The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…