Wp Travel Gutenberg Blocks
Monthly
Blind SQL injection in the WP Travel Gutenberg Blocks WordPress plugin (versions up to and including 3.9.4) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries, exfiltrating data from the WordPress database via inference-based techniques. The CVSS 9.3 score reflects a scope-changed impact (S:C) where database compromise affects components beyond the plugin itself, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts WordPress sites running this travel-booking block plugin in default configurations.
Blind SQL injection in the WP Travel Gutenberg Blocks WordPress plugin (versions up to and including 3.9.4) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries, exfiltrating data from the WordPress database via inference-based techniques. The CVSS 9.3 score reflects a scope-changed impact (S:C) where database compromise affects components beyond the plugin itself, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts WordPress sites running this travel-booking block plugin in default configurations.