PatchSiren

WP Travel Engine CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL WP Travel Engine CVE published 2026-06-15

CVE-2026-49770

CVE-2026-49770 is a critical vulnerability in the WP Travel Engine plugin for WordPress. The vulnerability, which has a CVSS score of 9.8, allows unauthenticated PHP object injection and affects plugin versions <= 6.7.12. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-49770) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-49770).