Wptravelly

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39565 MEDIUM This Month

WpTravelly tour-booking-manager plugin through version 2.1.7 allows authenticated users to access sensitive information via broken access control, enabling privilege escalation within WordPress sites. The vulnerability requires user authentication and network access but does not permit modification or denial of service, affecting all WpTravelly installations up to the specified version. EPSS exploitation probability is minimal at 0.02%, and no public exploit code has been identified.

Authentication Bypass Wptravelly

NVD

CVSS 3.1

4.3

EPSS

0.0%

CVE-2026-39565

EPSS 0% CVSS 4.3

MEDIUM This Month

WpTravelly tour-booking-manager plugin through version 2.1.7 allows authenticated users to access sensitive information via broken access control, enabling privilege escalation within WordPress sites. The vulnerability requires user authentication and network access but does not permit modification or denial of service, affecting all WpTravelly installations up to the specified version. EPSS exploitation probability is minimal at 0.02%, and no public exploit code has been identified.

Authentication Bypass Wptravelly

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy