Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:1 a.m.14 views

CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

10CVSS7.4AI score0.04186EPSS
Exploits1References1
Circl
Circl
added 2025/01/14 12:49 p.m.11 views

CVE-2024-3605

creationtimestamp| type| source ---|---|--- 2025-01-14 12:49:54+00:00| seen| https://infosec.exchange/users/randomrobbie/statuses/113826790893332300 2025-01-20 21:02:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad6vcjx22 2026-02-12 21:03:27+00:00| seen|...

10CVSS5.7AI score0.04186EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/20 2:8 a.m.45 views

CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

10CVSS0.04186EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.25 views

WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...

10CVSS6.8AI score0.04186EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder