📦 Tour Master

by Goodlayers

🔍 What is Tour Master?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2024-12400

HIGH CVSS 7.1 Jan 30, 2025

The tourmaster WordPress plugin before version 5.3.5 fails to properly escape URLs before outputting them in HTML attributes, allowing attackers to inject malicious scripts. This reflected cross-site ...

CVE-2024-13369

MEDIUM CVSS 6.5 Feb 18, 2025

This vulnerability allows authenticated attackers with Subscriber-level access or higher to perform time-based SQL injection attacks through the 'review_id' parameter in the Tour Master WordPress plug...

CVE-2024-11356

MEDIUM CVSS 6.1 Jan 6, 2025

The tourmaster WordPress plugin before version 5.3.4 contains a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious scripts into web pages. This affects ...