Skip to main content

Wp Travel Gutenberg Blocks

1 CVEs product

Monthly

CVE-2026-54808 CRITICAL Act Now

Blind SQL injection in the WP Travel Gutenberg Blocks WordPress plugin (versions up to and including 3.9.4) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries, exfiltrating data from the WordPress database via inference-based techniques. The CVSS 9.3 score reflects a scope-changed impact (S:C) where database compromise affects components beyond the plugin itself, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts WordPress sites running this travel-booking block plugin in default configurations.

SQLi Wp Travel Gutenberg Blocks
NVD
CVSS 3.1
9.3
EPSS
0.3%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the WP Travel Gutenberg Blocks WordPress plugin (versions up to and including 3.9.4) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries, exfiltrating data from the WordPress database via inference-based techniques. The CVSS 9.3 score reflects a scope-changed impact (S:C) where database compromise affects components beyond the plugin itself, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts WordPress sites running this travel-booking block plugin in default configurations.

SQLi Wp Travel Gutenberg Blocks
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy