Threat Entry Updated 2025-06-04

CVE-2023-5934 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack

PLUGIN All Travel Brands In One Place

CVE-2023-5934

HIGH CVSS 7.3 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-06-04

CVE-2023-5932 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN All Travel Brands In One Place

CVE-2023-5932

MEDIUM CVSS 4.8 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-05

CVE-2024-0337 - All Travel Brands In One Place Plugin

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

PLUGIN All Travel Brands In One Place

CVE-2024-0337

MEDIUM CVSS 6.1 2024-03-20

Risk Score

Open Full Technical Breakdown