14 matches found
CVE-2026-8684
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
EUVD-2026-31417
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
CVE-2026-8684 MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
CVE-2026-8684
The CVE-2026-8684 entry concerns the MotoPress Hotel Booking plugin for WordPress (versions up to 6.0.1). The root cause is improper authorization checks for an action (mphb_update_booking_notes AJAX action), enabling unauthenticated users to overwrite or delete internal notes (_mphb_booking_inte...
CVE-2026-8684
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
PT-2026-42738
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...
WordPress MotoPress Hotel Booking plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Hotel Booking Lite versions = 6.0.1...
EUVD-2025-38365
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12498
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12498
CVE-2025-12498 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets. The issue is a missing capability check in the booking_add_notes function across versions up to and including 4.2.0.0, allowing authenticated users with Subscriber-level access or higher to create note...
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
WordPress plugin EventPrime 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...