cvebase

Themefic Tourfic vulnerabilities

8 known vulnerabilities affecting themefic/tourfic.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 3
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 4

Vulnerabilities

CVE-2024-29137 | P1 | MEDIUM | CVSS 6.1 | Exploited | PoC | ≤ 2.11.7 | 2024-03-19
CVE-2024-29137 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.7.
nvd
CVE-2024-29135 | P1 | HIGH | CVSS 8.8 | Exploited | fixed in 2.11.16 | ≤ 2.11.15 | 2024-03-19
CVE-2024-29135 [HIGH] CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.15.
nvd
CVE-2024-29136 | P2 | HIGH | CVSS 8.8 | Exploited | fixed in 2.11.19 | ≤ 2.11.17 | 2024-03-19
CVE-2024-29136 [HIGH] CWE-502: Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.17.
nvd
CVE-2025-24650 | P3 | CRITICAL | CVSS 9.1 | fixed in 2.15.4 | ≤ 2.15.3 | 2025-01-24
CVE-2025-24650 [CRITICAL] CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through <= 2.15.3.
nvd
CVE-2026-56064 | P3 | HIGH | CVSS 8.5 | ≥ n/a, ≤ 2.22.5 | 2026-06-26
CVE-2026-56064 [HIGH] CWE-89: Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
nvd
CVE-2024-12032 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.15.4 | 2024-12-25
CVE-2024-12032 [MEDIUM] CWE-89: The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter an
nvd
CVE-2026-39543 | P4 | MEDIUM | CVSS 5.3 | ≤ 2.21.4 | 2026-04-08
CVE-2026-39543 [MEDIUM] CWE-862: Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tourfic: from n/a through <= 2.21.4.
nvd
CVE-2024-29134 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.11.9 | ≤ 2.11.8 | 2024-03-19
CVE-2024-29134 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.8.
nvd