CVE-2025-5282 | WP Travel Engine Plugin up to 6.5.1 on WordPress delete_package authorization

June 12, 2025 Yanac

A vulnerability classified as critical was found in WP Travel Engine Plugin up to 6.5.1 on WordPress. This vulnerability affects the function delete_package. The manipulation leads to missing authorization.

This vulnerability was named CVE-2025-5282. The attack can be initiated remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-4585 | IRM Newsroom Plugin up to 1.2.17 on WordPress Shortcode irmflat cross site scripting
CVE-2025-47569 | WooCommerce Ultimate Gift Card Plugin up to 2.8.10 on WordPress sql injection