The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.
|thimpress:wp_hotel_booking||thimpress wp hotel booking||1.10.2|
WordPress Hotel Booking Plugin Remote Code Execution (CVE-2020-29047)
WP Hotel Booking <= 1.10.3 - Unauthenticated PHP Object Injection
WordPress WP Hotel Booking plugin <= 1.10.2 - Unauthenticated Remote Code Execution (RCE) via Arbitrary Object Deserialisation vulnerability