SQL Injection Vulnerability in WP Travel Plugin by WordPress
CVE-2025-22691

7.6HIGH

Key Information:

Vendor: WP Travel
Status: WP Travel
Vendor: CVE Published:; 3 February 2025

Summary

An SQL Injection vulnerability has been discovered in the WP Travel plugin for WordPress, allowing attackers to manipulate SQL queries. This flaw enables unauthorized data access and potential database compromise. All users should update to the latest versions to mitigate risks associated with improper sanitization of user input.

Affected Version(s)

WP Travel <= 10.1.0

References

https://patchstack.com/database/wordpress/plugin/wp-trave...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)