WP Travel – Ultimate Travel Booking System, Tour Management Engine

Vulnerabilities 11Slug wp-travelLatest version 11.5.0WordPress.org →

Minimum safe version

11.1.1

Update to 11.1.1 or later to address 11 fixable vulnerabilities

Latest available11.5.0 ✓

Medium 5.3

2026-01-23< 11.1.1

CVE-2026-24568

CVE Wordfence

High 7.6

2025-02-03< 10.1.4

CVE-2025-22691

CVE EUVD Wordfence

Medium 6.5

2025-01-09< 10.0.1

CVE-2024-12067

CVE Wordfence

Medium 6.5

2024-12-06< 9.7.0

CVE-2024-53813

CVE Wordfence Patchstack

Medium 5.9

2024-10-06< 9.4.0

CVE-2024-44039

CVE Patchstack Wordfence

High 7.5

2025-01-02< 7.8.1

CVE-2023-47224

CVE Patchstack Wordfence WPScan

N/A

2023-07-19< 4.2.0

WordPress WP Travel Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

Medium 4.3

2023-07-01< 4.4.7

CVE-2021-4389

CVE Wordfence WPScan

N/A

2023-06-07< 4.4.7

CVE-2021-4342

CVE

N/A

< 4.4.7

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

Wordfence

N/A

2021-03-01< 4.4.7

WordPress WP Travel plugin <= 4.4.6 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack