Shinetheme Traveler vulnerabilities
14 known vulnerabilities affecting shinetheme/traveler.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH8MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-52714P2CRITICALCVSS 9.3≤ 3.2.22025-07-16
CVE-2025-52714 [CRITICAL] CWE-89 CVE-2025-52714: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through < 3.2.2.
nvd
CVE-2026-25449P3CRITICALCVSS 9.8≤ 3.2.8.12026-03-18
CVE-2026-25449 [CRITICAL] CWE-502 CVE-2026-25449: Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Inject
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1.
nvd
CVE-2025-26898P3CRITICALCVSS 9.3≤ 3.2.12025-03-27
CVE-2025-26898 [CRITICAL] CWE-89 CVE-2025-26898: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
nvd
CVE-2025-64371P3HIGHCVSS 8.5≤ 3.2.62025-12-18
CVE-2025-64371 [HIGH] CWE-89 CVE-2025-64371: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.
nvd
CVE-2026-24367P3HIGHCVSS 8.5≤ 3.2.82026-01-22
CVE-2026-24367 [HIGH] CWE-89 CVE-2026-24367: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.
nvd
CVE-2025-26873P3CRITICALCVSS 9.0≤ 3.2.12025-03-27
CVE-2025-26873 [CRITICAL] CWE-502 CVE-2025-26873: Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects T
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
nvd
CVE-2025-64373P3HIGHCVSS 8.1≤ 3.2.62025-12-18
CVE-2025-64373 [HIGH] CWE-98 CVE-2025-64373: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.
nvd
CVE-2025-26733P3HIGHCVSS 8.2≤ 3.2.12025-03-27
CVE-2025-26733 [HIGH] CWE-862 CVE-2025-26733: Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: fro
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
nvd
CVE-2025-26956P3HIGHCVSS 7.6≤ 3.2.12025-03-27
CVE-2025-26956 [HIGH] CWE-862 CVE-2025-26956: Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: fro
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
nvd
CVE-2025-59011P3HIGHCVSS 7.5≤ 3.2.32025-09-26
CVE-2025-59011 [HIGH] CWE-862 CVE-2025-59011: Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Co
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3.
nvd
CVE-2025-67917P4MEDIUMCVSS 6.5≤ 3.2.62026-01-08
CVE-2025-67917 [MEDIUM] CWE-862 CVE-2025-67917: Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Co
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
nvd
CVE-2025-63028P4MEDIUMCVSS 5.3≤ 3.2.62025-12-09
CVE-2025-63028 [MEDIUM] CWE-862 CVE-2025-63028: Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Co
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
nvd
CVE-2025-59012P4HIGHCVSS 7.1≤ 3.2.32025-09-26
CVE-2025-59012 [HIGH] CWE-79 CVE-2025-59012: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.3.
nvd
CVE-2025-64372P4HIGHCVSS 7.1≤ 3.2.62025-12-18
CVE-2025-64372 [HIGH] CWE-79 CVE-2025-64372: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.6.
nvd