CVE-2025-1771

Name of the Vulnerable Software and Affected Versions: Traveler theme for WordPress versions up to, and including, 3.1.8

Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the hotel alone load more post function's style parameter. This enables the execution of any PHP code in those files, potentially bypassing access controls, obtaining sensitive data, or achieving code execution if PHP file types can be uploaded and included.

Recommendations: For versions up to, and including, 3.1.8, consider disabling the hotel alone load more post function or restricting access to it until a patch is available. Additionally, restrict the use of the style parameter in the affected function to minimize the risk of exploitation.