Ghostwire

CVE-2026-45218: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP...

HIGH CVSS 7.7

Published: May 12, 2026 | Last Modified: May 12, 2026

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

patchstack.com/database/Wordpress/Plugin/wp-travel/vulnerability/wordpress-wp-tr