Traveler

Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability <= 3.1.8

Missing Authorization in Several AJAX Actions vulnerability <= 3.1.6

Unauthenticated SQL Injection via order_id vulnerability <= 3.1.6

Unauthenticated SQL Injection (SQLi) vulnerability <= 2.8.3

Unauthenticated CrossSite Scripting (XSS) vulnerability <= 2.8.3