SQL Injection Vulnerability in Traveler Theme by ShineTheme
CVE-2025-64371

8.5HIGH

Key Information:

Vendor: WordPress
Status: Traveler
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64371?

A vulnerability exists in the ShineTheme Traveler theme that allows attackers to exploit improper neutralization of special elements used in SQL commands, specifically through a technique known as Blind SQL Injection. This issue affects versions of the Traveler theme from n/a through 3.2.6, posing a risk to web applications using this theme as it can lead to unauthorized access to sensitive data within the database.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

JSON