4 matches found
VulnCheck KEV: CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
Exploit for SQL Injection in Thimpress Wp_Hotel_Booking
CVE-2024-3605 WP Hotel Booking = 2.1.0 - Unauthenticated SQL...
CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2024-26863
Name of the Vulnerable Software and Affected Versions WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.0 Description The issue allows for SQL Injection via the room type parameter of the "/wphb/v1/rooms/search-rooms" REST API endpoint due to insufficient escaping on the...