GCVE - cpe:2.3:a:magepeopleteam:wptravelly:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:magepeopleteam:wptravelly:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Magepeopleteam (`0363484c-2251-5ffb-a8d9-1a438f007334`)
Product	Wptravelly (`daf9934f-f45b-5048-88d8-1e4f2f194545`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39565`	vulnerable	2026-06-08 08:01:16.647055	WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7. Published: 2026-04-08T08:30:19.049Z Updated: 2026-04-29T09:52:02.130Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-2-1-7-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-30892`	vulnerable	2026-06-08 07:17:02.005375	WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability HIGH (8.8) Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through <= 1.8.7. Published: 2025-04-01T20:58:07.779Z Updated: 2026-04-28T16:11:59.686Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-7-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-30891`	vulnerable	2026-06-08 07:17:01.995305	WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability HIGH (8.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through <= 1.8.7. Published: 2025-03-27T10:55:44.852Z Updated: 2026-04-28T16:11:59.695Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-7-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22737`	vulnerable	2026-06-08 07:10:54.700188	WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through <= 1.8.5. Published: 2025-01-15T15:23:34.798Z Updated: 2026-04-28T16:11:06.049Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-5-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.