CYBERHAWK / CVE / CVE-2026-4290

CVE-2026-4290

WP Travel Pro WordPress Plugin

CRITICAL CVSS 9.1 vibe

The flaw

Unauthenticated arbitrary user deletion via REST API endpoint.

What to do

Update to WP Travel Pro version 10.6.1 or later

▸ Scan my repo for CVE-2026-4290

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-06-05 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits