WordPress WP Travel Gutenberg Blocks plugin

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection.

This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.

Basic Information

ID CVE-2026-54808

Source Patchstack

Published Jun 17, 2026 at 13:51

Affected Product

Vendor WP Travel

Product WP Travel Gutenberg Blocks

Version n/a

Affected Versions WP Travel WP Travel Gutenberg Blocks n/a

CWE Classification

CWE-89

References

patchstack.com /database/wordpress/plugin/wp-travel-blocks/vulnerability/wordpress-wp-travel-gutenberg-blocks-plugin-3-9-4-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection.\n\nThis issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.",
    "published": "2026-06-17T13:51:10.164Z",
    "modified": "2026-06-17T13:51:10.164Z",
    "type": "cve",
    "title": "WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/wp-travel-blocks/vulnerability/wordpress-wp-travel-gutenberg-blocks-plugin-3-9-4-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-54808",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "WP Travel WP Travel Gutenberg Blocks n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Travel Gutenberg Blocks",
    "version": "n/a",
    "vendor": "WP Travel",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability_CVE-2026-54808