CVE-2026-3496 JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

CVE-2026-3496 – JetBooking for WordPress is an unauthenticated SQL Injection in the check_in_date parameter affecting all versions up to 4.0.3. The root cause is insufficient escaping of user input and lack of proper SQL query preparation, enabling attackers to append additional SQL to queries an...

CVE-2023-49270

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkindate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...

Hotel Management System 跨站脚本漏洞

Hotel Management System is an MIS project based on a hotel management system. Hotel Management System v1.0 suffers from a cross-site scripting vulnerability that originates when the checkindate parameter in reservation.php is copied in plain text between tags in an HTML document, and any input is...