Lucene search
K

64 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00206EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-3907 Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 4 days ago8 views

CVE-2026-3907

The CVE records CVE-2026-3907 for the WordPress Hostel plugin (versions

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 5 days ago6 views

WordPress Hostel plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hostel versions = 1.1.7...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 9:39 a.m.8 views

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

6.1CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/18 2:16 a.m.3 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00318EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/18 1:26 a.m.2 views

CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:26 a.m.3 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References10
CVE
CVE
added 2026/04/18 1:26 a.m.10 views

CVE-2026-1838

Affected software: Hostel plugin for WordPress (versions up to 1.1.6). Vulnerability: Reflected Cross-Site Scripting via the 'shortcode_id' parameter due to insufficient input sanitization and output escaping. Impact (as stated): Unauthenticated attackers can inject arbitrary web scripts into pag...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/18 1:26 a.m.34 views

CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00318EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/18 1:26 a.m.6 views

EUVD-2026-23624

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.9 views

PT-2026-33580

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.11 views

WordPress plugin Hostel 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS6AI score0.00318EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/30 12:0 a.m.5 views

WordPress Hostel plugin cross-site scripting vulnerability

WordPress Hostel plugin refers to a plugin designed specifically for WordPress websites. WordPress Hostel plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...

5.9CVSS7.9AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/24 12:45 p.m.30 views

CVE-2023-32120 WordPress Hostel plugin <= 1.1.5.1 - Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1...

5.9CVSS0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/24 12:45 p.m.3 views

CVE-2023-32120 WordPress Hostel plugin <= 1.1.5.1 - Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1...

5.9CVSS6AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 12:45 p.m.24 views

CVE-2023-32120

CVE-2023-32120 affects the WordPress plugin Hostel. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation, enabling DOM-based XSS in affected versions up to 1.1.5.1. A fix is available in version 1.1.5.2. Multiple connected sources corroborate thi...

5.9CVSS7.8AI score0.00164EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

WordPress plugin Hostel 跨站脚本漏洞

WordPress Hostel plugin refers to a plugin designed specifically for WordPress websites. WordPress Hostel plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...

5.9CVSS7.9AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder