N/A
2026-04-03< 6.7.6
WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
Minimum safe version
6.7.6
Update to 6.7.6 or later to address 18 fixable vulnerabilities
Latest available6.7.10 ✓
Critical 9.8
2025-10-08< 6.6.8
WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion
Critical 9.8
2025-10-08< 6.6.8
WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming
High 7.5
2025-06-12< 6.5.2
WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
N/A
2025-06-06< 6.5.2
CVE-2025-49308
Critical 9.8
2025-04-01< 6.3.6
CVE-2025-30870
High 7.5
2025-03-27< 6.3.6
CVE-2025-30871
Medium 4.3
2024-11-23< 6.2.2
CVE-2024-10606
Medium 6.3
2024-10-16< 5.3.8
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.4
2024-07-20< 5.9.2
CVE-2024-37944
Medium 5.3
2024-06-09< 5.8.1
CVE-2024-32798
High 7.2
2024-03-29< 5.8.0
CVE-2024-30504
Critical 9.8
2024-03-29< 5.8.0
CVE-2024-30502
N/A
2023-07-18< 5.7.5
WordPress WP Travel Engine Plugin < 5.7.5 is vulnerable to Cross Site Scripting (XSS)
N/A
2022-03-04< 5.3.8
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
2022-02-28< 5.3.8
WordPress WP Travel Engine plugin <= 5.3.7 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 5.3.8
WordPress WP Travel Engine plugin <= 5.3.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Medium 5.4
2022-01-03< 5.3.8
CVE-2021-24680