- Description
- The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-98
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
🚨 CVE-2025-1771 ⚠️🔴 CRITICAL (9.8) 🏢 ShineTheme - Travel Booking WordPress Theme 🏗️ * 🔗 https://t.co/QpaAYpjb9q 🔗 https://t.co/LOH6seZLC3 #CyberCron #VulnAlert #InfoSec https://t.co/s37iVDpqgy
@cybercronai
15 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJyEiR (CVE-2025-1771 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress hotel_alone_load_more_post style filename control) has been published on https://t.co/aOmULeWI10
@WolfgangSesin
15 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJyEiR (CVE-2025-1771 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress hotel_alone_load_more_post style filename control) has been published on https://t.co/HnhZyxoTJM
@WolfgangSesin
15 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-1771 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-15 05:15:47 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/E5VkAao338
@vulns_space
15 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1771 The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style'… https://t.co/cu89R7swKW
@CVEnew
15 Mar 2025
358 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1771: CRITICAL] WordPress Traveler theme up to 3.1.8 is susceptible to Local File Inclusion via 'hotel_alone_load_more_post' function. Unauthenticated attackers can execute arbitrary files, bypass contro...#cybersecurity,#vulnerability https://t.co/5tcGdvUyTX https://t.
@CveFindCom
15 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shinecommerce:traveler:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "7109F257-C617-40B4-8187-FF273299E9B8",
"versionEndExcluding": "3.1.9"
}
],
"operator": "OR"
}
]
}
]