CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

44 matches found

RedhatCVE•added 2025/11/22 8:35 a.m.•2 views

CVE-2025-13135

The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

NVD•added 2025/11/21 8:15 a.m.•3 views

CVE-2025-13135

6.4CVSS0.00032EPSS

Exploits0References2

CVE•added 2025/11/21 7:31 a.m.•13 views

CVE-2025-13135

CVE-2025-13135: HotelRunner Booking Widget (WordPress) is affected by Stored Cross-Site Scripting via the hotelrunner shortcode in versions

6.4CVSS4.7AI score0.00032EPSS

Exploits0References2

Vulnrichment•added 2025/11/21 7:31 a.m.•1 views

CVE-2025-13135 HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00032EPSS

Exploits0References2

EUVD•added 2025/11/21 7:31 a.m.•1 views

EUVD-2025-198387

6.4CVSS4.7AI score0.00032EPSS

Exploits0References3

Cvelist•added 2025/11/21 7:31 a.m.•5 views

CVE-2025-13135 HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00032EPSS

Exploits0References2

Positive Technologies•added 2025/11/21 12:0 a.m.•2 views

PT-2025-47700

6.4CVSS5AI score0.00032EPSS

Exploits0References3

CNNVD•added 2025/11/21 12:0 a.m.•1 views

WordPress plugin HotelRunner Booking Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References3

Patchstack•added 2025/11/20 10:55 p.m.•3 views

WordPress HotelRunner Booking Widget plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Mohamed amine Ouamar in WordPress Plugin HotelRunner Booking Widget versions = 5.2.4...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/10/23 3:14 p.m.•4 views

CVE-2025-60168

Cross-Site Request Forgery CSRF vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through = 1.6...

7.1CVSS6.6AI score0.00016EPSS

Exploits0References1

EUVD•added 2025/10/22 3:31 p.m.•3 views

EUVD-2025-35421

5.3CVSS6.1AI score0.00016EPSS

Exploits0References2

NVD•added 2025/10/22 3:15 p.m.•2 views

CVE-2025-60168

7.1CVSS0.00016EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-60168 WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

7.1CVSS6.3AI score0.00016EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-60168

CVE-2025-60168 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin HotelRunner Booking Widget (also referenced as integrationshotelrunner) that allows Stored XSS. Public descriptions in Red Hat and ENISA entries mirror the same flaw and note the affected widget ver...

7.1CVSS6.3AI score0.00016EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-60168 WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

7.1CVSS0.00016EPSS

Exploits0References1

CNNVD•added 2025/10/22 12:0 a.m.•2 views

WordPress plugin HotelRunner Booking Widget 安全漏洞

7.1CVSS6AI score0.00016EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-22318