Shinetheme
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11926 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2024 | The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and… | ||
| CVE-2025-49300 | Low | 0.18 | 2.7 | 0.00 | Dec 16, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8. | ||
| CVE-2025-1771 | 0.00 | — | 0.01 | Mar 15, 2025 | The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the… | |||
| CVE-2025-1773 | 0.00 | — | 0.00 | Mar 15, 2025 | The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject… |
- risk 0.42cvss 6.5epss 0.00
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and…
- risk 0.18cvss 2.7epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.
- CVE-2025-1771Mar 15, 2025risk 0.00cvss —epss 0.01
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the…
- CVE-2025-1773Mar 15, 2025risk 0.00cvss —epss 0.00
The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…