Medium 6.5 Unfixed
2026-02-20≤ 1.2.2
CVE-2025-68042
Travelpayouts
Minimum safe version
1.1.17
Update to 1.1.17 or later to address 5 fixable vulnerabilities
Latest available1.2.2 ✓⚠ 1 vulnerability has no fix
High 7.3
2025-05-15< 1.1.13
Travelpayouts <= 1.1.12 - Cross-Site Request Forgery to Settings Import
Medium 4.8
2025-05-16< 1.1.14
WordPress Travelpayouts Plugin < 1.1.14 is vulnerable to Cross Site Scripting (XSS)
Medium 6.1
2024-03-20< 1.1.17
CVE-2024-0337
N/A
< 1.0.17
Travelpayouts < 1.0.17 - CSRF Bypass due to Outdated Redux Framework
N/A
2021-09-13< 1.0.17
Travelpayouts <= 1.0.16 - Cross-Site Request Forgery