SQL Injection Vulnerability in Traveler Theme by ShineTheme
CVE-2025-64371

Currently unrated

Key Information:

Vendor

WordPress
Status
Traveler
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64371?

A vulnerability exists in the ShineTheme Traveler theme that allows attackers to exploit improper neutralization of special elements used in SQL commands, specifically through a technique known as Blind SQL Injection. This issue affects versions of the Traveler theme from n/a through 3.2.6, posing a risk to web applications using this theme as it can lead to unauthorized access to sensitive data within the database.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64371 : SQL Injection Vulnerability in Traveler Theme by ShineTheme