CVE-2025-22691

Name of the Vulnerable Software and Affected Versions WP Travel versions prior to 10.1.0

Description The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This means that an attacker could potentially inject malicious SQL code to manipulate or extract data from the database. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-input data directly in SQL commands until the issue is resolved.