
Expedia is one of the world's leading full-service travel brands, helping travelers get the most out of every trip they take by making the travel process seamless. With Expedia, travelers can plan and book flights, hotels, vacation packages, and car rentals in one complete marketplace. Expedia offers intelligent tools, personalized recommendations, and a booking experience that saves you money – making it easier to explore the world. Use our mobile app or visit www.expedia.com to start your next adventure. Why choose Expedia? Expedia is your all-in-one travel shop, providing access to a large inventory of flights, hotels, vacation packages, activities and car rentals, with savings for every part of your trip. Our smart recommendation and comparison tools make for thoughtful travel planning. And with Expedia, you can bundle now or later and still get savings towards your trip, for a travel planning experience that moves with you. For Partners Expedia connects travel businesses with millions of engaged travelers worldwide. Our partner solutions help hotels, airlines, and service providers grow bookings, optimize visibility, and deliver exceptional guest experiences. Expedia is the flagship travel brand of Expedia Group.

Expedia A.I CyberSecurity Scoring

Expedia

Company Details

LinkedIn ID: expedia
Employees number: None employees
Number of followers: 234
NAICS: 5615
Industry Type: Travel Arrangements
Homepage: expedia.com
IP Addresses: 0
Company ID: EXP_2829882
Scan Status: In-progress

Expedia Risk Score (AI oriented): Between 750 and 799
  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
Expedia Global Score (TPRM): XXXX
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Expedia Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 1

Expedia Group
Type: Breach
Severity: 50
Impact: 2
Seen: 6/2016
Rankiteo Explanation: Attack limited on finance or reputation

Description: Orbitz, a subsidiary of online travel agency Expedia Inc EXPE.O, said hackers may have accessed personal information from about 880,000 payment cards. The breach had occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016, and June 22, 2016, for its consumer platform. Information such as names, phone numbers, email and billing addresses have been accessed. For U.S. customers, social security numbers were not involved in this incident, the company said. The company said it has addressed the breach after it was discovered in March this year. Credit card issuer American Express Co AXP.N said in a statement that the attack did not compromise its platforms. Expedia’s shares fell as much as 1.9 percent to $108.99.

Expedia Group, Inc.
Type: Breach
Severity: 60
Impact: 2
Seen: 3/2021
Rankiteo Explanation: Attack limited on finance or reputation

Description: On March 2, 2022, Expedia Group, Inc. disclosed a data breach that occurred on March 24, 2021, impacting three individuals whose credit card information was potentially compromised. The incident was categorized under the type 'Other' in the breach classification. While the scale of the breach was limited—affecting only a small number of customers—Expedia responded by offering 12 months of identity theft protection services through its Expedia IdentityWorks program to mitigate potential risks. The breach did not involve large-scale data exfiltration, systemic financial fraud, or broader reputational damage beyond the immediate notification and remediation efforts. No evidence suggested the compromised data was used for fraudulent activities, and the company’s operational continuity remained unaffected. The incident primarily highlighted vulnerabilities in payment data security, though the impact was confined to a minimal subset of users without escalating into wider systemic consequences.

trivago
Type: Breach
Severity: 100
Impact: 5
Seen: 07/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: Nearly 300,000 Israelis' personal information was made public by an Iranian hacker organization targeting websites for Israeli travelers. The compromised information includes ID numbers, addresses, credit card details, and more from Israeli travel sites. More than 20 travel-related websites were compromised, including hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il, and danhotels.com. Data breach letters were sent to all affected individuals, who were asked to stay alert.


Underwriter Stats for Expedia

Incidents vs Travel Arrangements Industry Average (This Year)

No incidents recorded for Expedia in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Expedia in 2025.

Incident Types Expedia vs Travel Arrangements Industry Avg (This Year)

No incidents recorded for Expedia in 2025.

Incident History — Expedia (X = Date, Y = Severity)

Expedia cyber incidents detection timeline including parent company and subsidiaries


Expedia Similar Companies

Enterprise Mobility

At Enterprise Mobility™ we are paving a new way forward by creating better experiences for how we move. We give people around the world the ability to connect in ways that suit their unique needs. It’s a bold idea that has defined our purpose-led, people-first organization for over 65 years, and it’

Hertz

Hertz is one of the world’s largest mobility companies, and through its indirect subsidiary, The Hertz Corporation, operates the Hertz, Dollar, and Thrifty vehicle rental brands throughout North America, Europe, the Caribbean, Latin America, Africa, the Middle East, Asia, Australia, and New Zealand.

BCD Travel

BCD Travel helps companies travel smart and achieve more. We drive program adoption, cost savings and talent retention through digital experiences that simplify business travel. Our 15,000+ dedicated team members service clients in 170+ countries as we shape a sustainable future for business travel.

Carnival Cruise Line

Since our founding in 1972, Carnival Cruise Line — "The World’s Most Popular Cruise Line®” — carries millions of passengers every year. We offer a fun and unique career destination for a wide range of professionals in Marketing, IT, Accounting/Audit, Finance, Marine Operations and Human Resources, j

DER Touristik vormals REWE Touristik GmbH

DER TOURISTIK GROUP ON A GROWTH COURSE. Today, the DER Touristik Group is one of the leading European travel groups. It brings together various travel-related business areas under one roof and, since 2018, has been structured as a holding company with four divisions. Through the acquisition of the European

Royal Caribbean Group

At Royal Caribbean Group, we deliver unforgettable vacations to guests who trust us with life’s greatest moments. We build the best ships, and even better careers, all while doing the right thing. We are passionate. We are innovative. We are unstoppable. We open the world to our employees. Your jour

Princess Cruises

Princess is the world’s leading premium cruise line operating a fleet of modern ships visiting over 380 destinations around the globe on more than 160 itineraries. Each moment on Princess is one of wonderful discovery where guests can relax and explore. The choices are endless, from invigorating act

Norwegian Cruise Line Holdings Ltd.

Norwegian Cruise Line Holdings Ltd. (NYSE: NCLH) is a leading global cruise company which operates Norwegian Cruise Line, Oceania Cruises and Regent Seven Seas Cruises. With a combined fleet of 32 ships and approximately 66,500 berths, NCLH offers itineraries to approximately 700 destinations worl

CWT is a global business travel and meetings specialist, with whom companies and governments partner to keep their people connected, in traditional business locations and some of the most remote and inaccessible parts of the globe. A private company – owned through funds managed by a group of leadin


Expedia CyberSecurity News

December 13, 2025 12:11 AM
A comprehensive list of 2025 tech layoffs

The tech layoff wave is still kicking in 2025. Last year saw more than 150,000 job cuts across 549 companies, according to independent...

December 10, 2025 02:15 PM
Expedia Group Announces Agreement to Acquire Tiqets to Expand Global Activities and Experiences

SEATTLE, December 10, 2025--Expedia Group today announced it has entered into an agreement to acquire Tiqets, an Amsterdam-based global...

December 09, 2025 01:00 PM
Former Medio, Amazon and Expedia leaders launch new AI-focused investment firm

From left: Yotam Avrahami, Brian Lent, and John Kim. (VQ Capital Photo). Veteran tech operators with ties to Seattle are launching a new...

November 12, 2025 08:00 AM
Phishing Attack Impersonates Travel Brands Using 4,300 Malicious Domains

A Russian-speaking threat actor has orchestrated an extensive phishing campaign that has registered over 4300 malicious domains targeting...

November 12, 2025 08:00 AM
Massive Phishing Attack Impersonate as Travel Brands Attacking Users with 4,300 Malicious Domains

Global phishing scam uses 4300 fake travel sites posing as hotel bookings to steal payment card data from unsuspecting travelers.

November 10, 2025 08:00 AM
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers...

November 07, 2025 08:00 AM
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

Sekoia, a cyber threat detection and response specialist, has released details on a widespread and ongoing cybercrime operation that first...

November 07, 2025 08:00 AM
Expedia shares jump on strong bookings from business clients

(Reuters) - Shares of Expedia rose 15% on Friday after the online travel agent forecast higher 2025 revenue and margin growth, banking on...

November 07, 2025 08:00 AM
Expedia raises 2025 revenue growth forecast on strong US business

(Reuters) - Online travel platform Expedia (EXPE) boosted its forecast for 2025 revenue growth, after beating Wall Street estimates for...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Expedia CyberSecurity History Information

Official Website of Expedia

The official website of Expedia is http://www.expedia.com.

Expedia’s AI-Generated Cybersecurity Score

According to Rankiteo, Expedia’s AI-generated cybersecurity score is 786, reflecting their Fair security posture.

How many security badges does Expedia have ?

According to Rankiteo, Expedia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Expedia have SOC 2 Type 1 certification ?

According to Rankiteo, Expedia is not certified under SOC 2 Type 1.

Does Expedia have SOC 2 Type 2 certification ?

According to Rankiteo, Expedia does not hold a SOC 2 Type 2 certification.

Does Expedia comply with GDPR ?

According to Rankiteo, Expedia is not listed as GDPR compliant.

Does Expedia have PCI DSS certification ?

According to Rankiteo, Expedia does not currently maintain PCI DSS compliance.

Does Expedia comply with HIPAA ?

According to Rankiteo, Expedia is not compliant with HIPAA regulations.

Does Expedia have ISO 27001 certification ?

According to Rankiteo, Expedia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Expedia

Expedia operates primarily in the Travel Arrangements industry.

Number of Employees at Expedia

Expedia employs approximately None employees people worldwide.

Subsidiaries Owned by Expedia

Expedia presently has no subsidiaries across any sectors.

Expedia’s LinkedIn Followers

Expedia’s official LinkedIn profile has approximately 234 followers.

NAICS Classification of Expedia

Expedia is classified under the NAICS code 5615, which corresponds to Travel Arrangement and Reservation Services.

Expedia’s Presence on Crunchbase

No, Expedia does not have a profile on Crunchbase.

Expedia’s Presence on LinkedIn

Yes, Expedia maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/expedia.

Cybersecurity Incidents Involving Expedia

As of December 22, 2025, Rankiteo reports that Expedia has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Expedia has an estimated 4,816 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Expedia ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Expedia detect and respond to cybersecurity incidents ?

Detection and Response: The company's recorded responses to cybersecurity incidents are a communication strategy of sending data breach letters to all affected individuals and asking them to stay alert, and a remediation measure of offering 12 months of identity theft protection via Expedia IdentityWorks.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Orbitz Data Breach

Description: Hackers may have accessed personal information from about 880,000 payment cards.

Date Detected: March 2018

Type: Data Breach

Incident : Data Breach

Title: Data Breach of Israeli Travel Websites

Description: Nearly 300,000 Israelis' personal information was made public by an Iranian hacker organization targeting websites for Israeli travelers.

Type: Data Breach

Attack Vector: Website Hacking

Threat Actor: Iranian Hacker Organization

Incident : Other

Title: Expedia Group Data Breach (2021)

Description: The Maine Office of the Attorney General reported that Expedia Group, Inc. announced a data breach potentially affecting the credit card information of 3 individuals. Identity theft protection services were offered for 12 months through Expedia IdentityWorks.

Date Detected: 2022-03-02

Date Publicly Disclosed: 2022-03-02

Type: Other

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach EXP16239622

Data Compromised: Names, Phone numbers, Email addresses, Billing addresses

Payment Information Risk: Payment card information

Incident : Data Breach TRI946171122

Data Compromised: Id numbers, Addresses, Credit card details

Systems Affected: hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il, danhotels.com

Incident : Other EXP1014091725

Data Compromised: Credit card information

Identity Theft Risk: Yes (protection services offered)

Payment Information Risk: Yes

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Phone Numbers, Email Addresses, Billing Addresses, Payment Card Information, Id Numbers, Addresses, Credit Card Details and Credit Card Information.

Which entities were affected by each incident ?

Incident : Data Breach EXP16239622

Entity Name: Orbitz

Entity Type: Subsidiary

Industry: Online Travel Agency

Customers Affected: 880000

Incident : Data Breach TRI946171122

Entity Type: Travel Websites

Industry: Travel

Location: Israel

Customers Affected: 300000

Incident : Other EXP1014091725

Entity Name: Expedia Group, Inc.

Entity Type: Corporation

Industry: Travel & Hospitality

Location: Seattle, Washington, USA

Customers Affected: 3

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach TRI946171122

Communication Strategy: Sent data breach letters to all affected and asked them to be alerted.

Incident : Other EXP1014091725

Remediation Measures: Offered 12 months of identity theft protection via Expedia IdentityWorks

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach EXP16239622

Type of Data Compromised: Names, Phone numbers, Email addresses, Billing addresses, Payment card information

Number of Records Exposed: 880000

Personally Identifiable Information: names, phone numbers, email addresses, billing addresses

Incident : Data Breach TRI946171122

Type of Data Compromised: Id numbers, Addresses, Credit card details

Number of Records Exposed: 300000

Personally Identifiable Information: ID numbers, addresses

Incident : Other EXP1014091725

Type of Data Compromised: Credit card information

Number of Records Exposed: 3

Sensitivity of Data: High

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offered 12 months of identity theft protection via Expedia IdentityWorks.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Other EXP1014091725

Regulatory Notifications: Maine Office of the Attorney General

References

Where can I find more information about each incident ?

Incident : Data Breach EXP16239622

Source: Orbitz Disclosure

Incident : Other EXP1014091725

Source: Maine Office of the Attorney General

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Orbitz Disclosure and Maine Office of the Attorney General.

Investigation Status

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through data breach letters sent to all affected individuals, asking them to stay alert.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Other EXP1014091725

Customer Advisories: Offered 12 months of identity theft protection via Expedia IdentityWorks

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Offered 12 months of identity theft protection via Expedia IdentityWorks.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Iranian Hacker Organization.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in March 2018.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-03-02.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, phone numbers, email addresses, billing addresses, ID numbers, addresses, credit card details and credit card information.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il and danhotels.com.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were credit card details, addresses, names, phone numbers, email addresses, credit card information, billing addresses and ID numbers.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.2K.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Orbitz Disclosure and Maine Office of the Attorney General.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Offered 12 months of identity theft protection via Expedia IdentityWorks.


Latest Global CVEs (Not Company-Specific)

Description

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\Config.msi and subsequently achieve execution as NT AUTHORITY\SYSTEM via MSI rollback techniques.

Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.

Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Description

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.

Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.

Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.

Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=expedia' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.