755 matches found
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...
WP Hotel Booking < 1.10.4 - PHP Object Injection
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...
WP Hotel Booking <= 2.0.7 - SQL Injection
WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...
CVE-2026-57347
Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...
CVE-2026-57347 WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...
CVE-2026-57347
CVE-2026-57347 affects the WordPress plugin Hotel Booking Lite
WordPress WP Hotel Booking plugin < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability
Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability discovered by Sanjorn Keeratirungsan in WordPress Plugin WP Hotel Booking versions 2.3.1...
CVE-2026-9822
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...
CVE-2026-9822
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...
CVE-2026-9822
The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...
CVE-2026-39539
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
CVE-2026-39539
Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...
PT-2026-50098
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
CVE-2026-42737
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...
CVE-2026-42683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...
CVE-2026-42683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...
EUVD-2026-33653
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...
CVE-2026-42683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by anhcd05 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.9...