Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking 2.11.17

  • Severity: high-risk
  • Status: Fixed
  • Publication: March 18, 2024

The Tourfic is a popular plugin for WordPress that allows users to book hotels, travel, and apartments. However, it has been found to have a security vulnerability known as PHP Object Injection. This means that someone with unauthorized access could potentially inject a malicious code into the plugin, giving them the ability to delete files, access sensitive information, or even execute code. This vulnerability affects all versions of the plugin up to 2.11.17.

Detected in:

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin fixed vulnerable versions:
Tourfic – Ultimate Travel Booking, Hotel Booking & Car Rental WordPress Plugin | WooCommerce Booking fixed vulnerable versions: >= * <= 2.11.17
Tourfic — Travel, Hotel & Car Rental Booking for WooCommerce fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.