CVE Record: CVE-2025-22691

Required CVE Record Information

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.

CWE 1 Total

Learn more

CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
7.6	HIGH	3.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

Credits

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance) finder

References 1 Total

https://patchstack.com/database/wordpress/plugin/wp-travel/vulnerability/wordpress-wp-travel-plugin-10-1-0-sql-injection-vulnerability?_s_id=cve
external site
vdb-entry

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Patchstack OÜ

Description

CWE 1 Total

CVSS 1 Total

Product Status

Credits

References 1 Total

Authorized Data Publishers

CISA-ADP