The WP Travel Engine plugin for WordPress has a security issue that allows attackers to access sensitive information from the database. This is because the plugin does not properly protect against SQL Injection, which is a common hacking technique. This vulnerability affects versions up to 5.7.9.