CVE-2026-27089 PUBLISHED

Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.

Update the WordPress WpTravelly Plugin to the latest available version (at least 2.1.8).

• benzdeus | Patchstack Bug Bounty Program finder

• https://patchstack.com/database/wordpress/plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-2-1-7-bypass-vulnerability-vulnerability?_s_id=cve

• CWE-290 Authentication Bypass by Spoofing CWE

• CAPEC-153 Input Data Manipulation