CVE-2026-2437 | wptravelengine WP Travel Engine Plugin up to 6.7.5 on WordPress Shortcode wte_trip_tax cross site scripting

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as problematic has been found in wptravelengine WP Travel Engine Plugin up to 6.7.5 on WordPress. Impacted is the function wte_trip_tax of the component Shortcode Handler. Performing a manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-2437. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-2437 | wptravelengine WP Travel Engine Plugin up to 6.7.5 on WordPress Shortcode wte_trip_tax cross site scripting

Post correlati

CVE-2024-4493 | Tenda i21 1.0.0.14(4656) formSetAutoPing ping1/ping2 stack-based overflow

CVE-2024-43607 | Microsoft Windows Server 2008 R2 SP1 up to Server 2022 Routing/Remote Access Service heap-based overflow

CVE-2025-7491 | PHPGurukul Vehicle Parking Management System 1.13 manage-outgoingvehicle.php del sql injection

CVE-2024-1343 | LaborOfficeFree 19.10 Backup Directory permission