CVE-2024-3605

🗓️ 20 Jun 2024 02:08:22Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 124 Views🌐 WEB

Vulnerability in WP Hotel Booking plugin for WordPress due to SQL Injectio

Reporter	Title	Published	Views	Family All 14
GithubExploit	Exploit for SQL Injection in Thimpress Wp_Hotel_Booking	12 Jan 202507:53	–	githubexploit
Circl	CVE-2024-3605	14 Jan 202512:49	–	circl
CNNVD	WordPress plugin WP Hotel Booking security vulnerability	20 Jun 202400:00	–	cnnvd
Cvelist	CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection	20 Jun 202402:08	–	cvelist
Nuclei	WP Hotel Booking <= 2.1.0 - SQL Injection	13 Apr 202604:19	–	nuclei
NVD	CVE-2024-3605	20 Jun 202402:15	–	nvd
OSV	CVE-2024-3605	20 Jun 202402:15	–	osv
Patchstack	WordPress WP Hotel Booking plugin <= 2.1.0 - Unauthenticated SQL Injection vulnerability	19 Jun 202412:46	–	patchstack
Patchstack	WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection	19 Jun 202400:00	–	patchstack
Positive Technologies	PT-2024-26863	20 Jun 202400:00	–	ptsecurity

NVD

Vulners

Vulnrichment

Node

thimpress wp_hotel_bookingRange≤2.1.0wordpress

[
  {
    "vendor": "thimpress",
    "product": "WP Hotel Booking",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.1.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569
plugins	www.plugins.trac.wordpress.org/changeset
wordpress	www.wordpress.org/plugins/wp-hotel-booking/

Parameter	Position	Path	Description	CWE
room_type	query param	/wp-json/wphb/v1/rooms/search-rooms	SQL Injection via room_type parameter in WP Hotel Booking REST endpoint /wp-json/wphb/v1/rooms/search-rooms, allowing unauthenticated attackers to append SQL to existing queries.	CWE-89

08 Apr 2026 18:21Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8 - 10

EPSS0.78976

SSVC