June 25, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Microsoft Windows Vulnerabilities
June 13, 2025
Multiple Fortinet Products Vulnerabilities
June 14, 2025
Multiple Microsoft Windows Vulnerabilities
June 13, 2025
Multiple Fortinet Products Vulnerabilities
June 14, 2025
Severity
High
Analysis Summary
CVE-2025-5282 CVSS:7.5
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.
CVE-2025-49454 CVSS:8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a before 3.10.0.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-5282
CVE-2025-4945
Affected Vendors
- WordPress
Affected Products
- Tour Booking Plugin – Tour Operator Software plugin
- TinySalt Theme - 3.10.0
Remediation
Update the WordPress plugin to the latest available version.