Wensolutions
Products
3- 8 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47873 | Cri | 0.60 | 9.1 | 0.02 | Mar 26, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | ||
| CVE-2026-45218 | Hig | 0.50 | 7.7 | 0.00 | May 12, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0. | ||
| CVE-2025-22691 | Hig | 0.49 | 7.6 | 0.00 | Feb 3, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection.This issue affects WP Travel: from n/a through <= 10.1.3. | ||
| CVE-2023-47224 | Hig | 0.49 | 7.5 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0. | ||
| CVE-2025-49389 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar notice-bar allows Stored XSS.This issue affects Notice Bar: from n/a through <= 3.1.3. | ||
| CVE-2024-53813 | Med | 0.42 | 6.5 | 0.00 | Dec 6, 2024 | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0. | ||
| CVE-2024-44039 | Med | 0.38 | 5.9 | 0.00 | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel wp-travel allows Stored XSS.This issue affects WP Travel: from n/a through <= 9.3.1. | ||
| CVE-2024-12067 | Med | 0.35 | 6.5 | 0.00 | Jan 9, 2025 | The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient… | ||
| CVE-2026-24568 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0. | ||
| CVE-2024-3610 | Med | 0.34 | 5.3 | 0.01 | Jun 21, 2024 | The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to… | ||
| CVE-2021-4389 | Med | 0.21 | 4.3 | 0.00 | Jul 1, 2023 | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata… | ||
| CVE-2023-41847 | 0.00 | — | 0.00 | Oct 2, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. |
- risk 0.60cvss 9.1epss 0.02
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
- risk 0.50cvss 7.7epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection.This issue affects WP Travel: from n/a through <= 10.1.3.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar notice-bar allows Stored XSS.This issue affects Notice Bar: from n/a through <= 3.1.3.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel wp-travel allows Stored XSS.This issue affects WP Travel: from n/a through <= 9.3.1.
- risk 0.35cvss 6.5epss 0.00
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.
- risk 0.34cvss 5.3epss 0.01
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to…
- risk 0.21cvss 4.3epss 0.00
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata…
- CVE-2023-41847Oct 2, 2023risk 0.00cvss —epss 0.00
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.