VYPR
Vendor

Wensolutions

Products
3
CVEs
12
Across products
12
Status
Private

Products

3

Recent CVEs

12
  • CVE-2023-47873CriMar 26, 2024
    risk 0.60cvss 9.1epss 0.02

    Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.

  • CVE-2026-45218HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.

  • CVE-2025-22691HigFeb 3, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection.This issue affects WP Travel: from n/a through <= 10.1.3.

  • CVE-2023-47224HigJan 2, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0.

  • CVE-2025-49389MedAug 20, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar notice-bar allows Stored XSS.This issue affects Notice Bar: from n/a through <= 3.1.3.

  • CVE-2024-53813MedDec 6, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0.

  • CVE-2024-44039MedOct 6, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel wp-travel allows Stored XSS.This issue affects WP Travel: from n/a through <= 9.3.1.

  • CVE-2024-12067MedJan 9, 2025
    risk 0.35cvss 6.5epss 0.00

    The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient…

  • CVE-2026-24568MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.

  • CVE-2024-3610MedJun 21, 2024
    risk 0.34cvss 5.3epss 0.01

    The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to…

  • CVE-2021-4389MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata…

  • CVE-2023-41847Oct 2, 2023
    risk 0.00cvss epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.