Travelicious Travel and Hotel Booking Website Allows Untrusted Data Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Travelicious Travel and Hotel Booking Website Allows Untrusted Data Injection

CVE-2025-67997

Summary

The Travelicious website has a weakness that could allow an attacker to inject malicious data, potentially leading to unauthorized changes to the website's behavior. This issue affects all versions of Travelicious up to 1.6.7, and it's recommended that users update to version 1.6.7 or later to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.

Original description

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/travelicious/vulnerability/wordp...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026