Lucene search
K

755 matches found

Nuclei
Nuclei
added yesterday56 views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...

9.8CVSS7.3AI score0.03313EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago23 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS7.6AI score0.14269EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago13 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8CVSS7.2AI score0.63711EPSS
Exploits2References2
NVD
NVD
added 5 days ago4 views

CVE-2026-57347

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-57347 WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-57347

CVE-2026-57347 affects the WordPress plugin Hotel Booking Lite

6.5CVSS5.8AI score0.00371EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/19 9:18 a.m.7 views

WordPress WP Hotel Booking plugin < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability

Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability discovered by Sanjorn Keeratirungsan in WordPress Plugin WP Hotel Booking versions 2.3.1...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.11 views

CVE-2026-9822

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

6.5CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:0 a.m.6 views

CVE-2026-9822

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

5.8AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 6:0 a.m.22 views

CVE-2026-9822

The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39539

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.27 views

CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50098

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42737

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS5.4AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.4AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.12 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:44 p.m.13 views

EUVD-2026-33653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:44 p.m.11 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/01 1:48 p.m.7 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by anhcd05 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.9...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Rows per page
Query Builder