2 matches found
EUVD-2026-37994
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...
PT-2026-50848
Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...