4 matches found
CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2024-3605
creationtimestamp| type| source ---|---|--- 2025-01-14 12:49:54+00:00| seen| https://infosec.exchange/users/randomrobbie/statuses/113826790893332300 2025-01-20 21:02:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad6vcjx22 2026-02-12 21:03:27+00:00| seen|...
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection
Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...