Sensitive Information Exposure in Traveler Option Tree by ShineTheme
CVE-2025-49300

2.7LOW

Key Information:

Vendor: WordPress
Status: Traveler Option Tree
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-49300?

The Traveler Option Tree, developed by ShineTheme, is susceptible to a vulnerability that allows for the inadvertent exposure of sensitive data. This occurs when the plugin improperly handles sensitive information, leading to the extraction of sensitive data embedded within sent content. This issue arises in versions up to and including 2.8 of the Traveler Option Tree plugin, potentially putting user information at risk. It is crucial for users of this plugin to assess their current version and ensure they follow best practices in confidentiality and data protection.

Affected Version(s)

Traveler Option Tree <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cust...

vdb-entry

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Denver Jackson | Patchstack Bug Bounty Program

JSON