VYPR

Travel Booking

by WordPress

CVEs (2)

  • CVE-2024-11912HigDec 18, 2024
    risk 0.49cvss 7.5epss 0.00

    The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on…

  • CVE-2024-11926MedDec 18, 2024
    risk 0.42cvss 6.5epss 0.00

    The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and…