Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/22 11:15 a.m.18 views

CVE-2024-13447

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotelbookingloadorderuser AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00347EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/22 11:7 a.m.23 views

CVE-2024-13447 WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotelbookingloadorderuser AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00347EPSS
Exploits0References4
CVE
CVE
added 2025/01/22 11:7 a.m.59 views

CVE-2024-13447

CVE-2024-13447 (WP Hotel Booking plugin for WordPress) suffers from a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to 2.1.6, enabling authenticated users with Subscriber-level access and above to retrieve a list of registered user emails. The vulner...

4.3CVSS4.3AI score0.00347EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/22 11:7 a.m.12 views

CVE-2024-13447 WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotelbookingloadorderuser AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.3AI score0.00347EPSS
Exploits0References4
Rows per page
Query Builder