
6 matches found

VulnCheck KEV
added 2026/04/07 12:0 a.m. · 25 views

VulnCheck KEV: CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 10 · AI score 5.9 · EPSS 0.04186
In wild · Exploits 1 · References 2

GithubExploit
added 2025/01/12 7:53 a.m. · 95 views

Exploit for SQL Injection in Thimpress Wp_Hotel_Booking

CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL...

CVSS 10 · AI score 8 · EPSS 0.04186
Exploits 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 6 views

PT-2024-30143 · Unknown · Kashipara Hotel Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: An Incorrect Access Control issue was found in the /admin/rooms.php endpoint, allowing an unauthenticated attacker to view valid hotel room entries in the administrator section. This...

CVSS 7.5 · AI score 6.6 · EPSS 0.00484
Exploits 1 · References 8

OSV
added 2024/06/20 2:15 a.m. · 6 views

CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 9.8 · AI score 5.9 · EPSS 0.04186
Exploits 1 · References 2

Positive Technologies
added 2024/06/20 12:0 a.m. · 10 views

PT-2024-26863

Name of the Vulnerable Software and Affected Versions: WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.0 Description: The issue allows for SQL Injection via the room type parameter of the "/wphb/v1/rooms/search-rooms" REST API endpoint due to insufficient escaping on the...

CVSS 10 · AI score 5.8 · EPSS 0.04186
Exploits 1 · References 6

Positive Technologies
added 2023/12/20 12:0 a.m. · 7 views

PT-2023-31447 · Unknown · Hotel Booking Management

Name of the Vulnerable Software and Affected Versions: Hotel Booking Management version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the npss parameter at the "rooms.php" endpoint. Recommendations: For Hotel Booking Management...

CVSS 7.5 · AI score 8.1 · EPSS 0.0068
Exploits 1 · References 6