CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

745 matches found

CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

8.1CVSS5.4AI score

Exploits0References1

Nuclei•added yesterday•41 views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...

9.8CVSS8.6AI score0.03313EPSS

Exploits2References2

Nuclei•added yesterday•8 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8CVSS8.6AI score0.63711EPSS

Exploits2References2

Nuclei•added yesterday•21 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS9AI score0.14269EPSS

Exploits2References3

RedhatCVE•added 2026/06/05 7:16 p.m.•4 views

CVE-2026-42737

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS5.4AI score0.00345EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.4AI score0.00142EPSS

Exploits0References1

NVD•added 2026/06/01 3:16 p.m.•9 views

CVE-2026-42683

7.1CVSS0.00142EPSS

Exploits0References1

ATTACKERKB•added 2026/06/01 2:44 p.m.•7 views

CVE-2026-42683

7.1CVSS5.8AI score0.00142EPSS

Exploits0References2

EUVD•added 2026/06/01 2:44 p.m.•9 views

EUVD-2026-33653

7.1CVSS5.8AI score0.00142EPSS

Exploits0References1

Patchstack•added 2026/06/01 1:48 p.m.•4 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by anhcd05 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.9...

7.1CVSS5.8AI score0.00146EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45436

Name of the Vulnerable Software and Affected Versions e4jvikwp VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Improper neutralization of input during web page generation allows DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side scripts...

7.1CVSS5.9AI score0.00142EPSS

Exploits0References4

NVD•added 2026/05/27 11:16 a.m.•11 views

CVE-2026-42762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS0.00146EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:49 a.m.•10 views

CVE-2026-42762

7.1CVSS5.8AI score0.00146EPSS

Exploits0References2

ATTACKERKB•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42737

8.6CVSS5.8AI score0.00345EPSS

Exploits0References2

EUVD•added 2026/05/27 9:49 a.m.•6 views

EUVD-2026-32189

8.6CVSS5.8AI score0.00345EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43649

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.9.0 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows access to files outside of the intended directory. Recommendations Update...

8.6CVSS5.8AI score0.00345EPSS

Exploits0References4

NVD•added 2026/05/22 9:16 a.m.•11 views

CVE-2026-8684

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...

5.3CVSS0.00278EPSS

Exploits0References8

CVE•added 2026/05/22 7:50 a.m.•19 views

CVE-2026-8684

The CVE-2026-8684 entry concerns the MotoPress Hotel Booking plugin for WordPress (versions up to 6.0.1). The root cause is improper authorization checks for an action (mphb_update_booking_notes AJAX action), enabling unauthenticated users to overwrite or delete internal notes (_mphb_booking_inte...

5.3CVSS5.9AI score0.00278EPSS

Exploits0References8

EUVD•added 2026/05/22 7:50 a.m.•8 views

EUVD-2026-31417

5.3CVSS5.9AI score0.00278EPSS

Exploits0References8

Vulnrichment•added 2026/05/22 7:50 a.m.•4 views

CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action

5.3CVSS5.9AI score0.00278EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by