CVE-2026-4290 | WPTravel WP Travel Pro Plugin up to 10.6.0 on WordPress REST API Endpoint travel-guide Database::delete authorization

SecurityVulns
Yanac

A vulnerability, which was classified as critical, was found in WPTravel WP Travel Pro Plugin up to 10.6.0 on WordPress. This impacts the function Database::delete of the file /wp-json/wp-travel/v1/travel-guide/ of the component REST API Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability is tracked as CVE-2026-4290. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More