WordPress Plugin Vulnerabilities

WP Travel < 10.0.1 - Subscriber+ SQL Injection

Description

The plugin is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affects Plugins

Plugin icon
wp-travel
Fixed in 10.0.1

References

CVE
CVE-2024-12067
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e0f38db-84bb-4ba9-9068-40937e78010d

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
shaman0x01
Verified
No
WPVDB ID
4ab03b77-c119-4930-b7ed-92d6d53b8204

Timeline

Publicly Published
2025-01-08 (about 1 year ago)
Added
2025-01-08 (about 1 year ago)
Last Updated
2025-11-24 (about 6 months ago)

Other

Published
Title
Published
2025-05-22
Title
Entrada <= 5.7.7 - Unauthenticated SQL Injection
Published
2025-07-14
Title
CoSchool LMS <= 1.4.3 - Authenticated (Subscriber+) SQL Injection
Published
2022-01-03
Title
Wicked Folders < 2.8.10 - Subscriber+ SQL Injection
Published
2023-12-21
Title
Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection
Published
2021-07-08
Title
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection