2 matches found
CVE-2025-8942 WP Hotel Booking < 2.2.3 - Subscriber+ Rating Manipulation
The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value e.g., sending negative or out-of-range values by intercepting and modifying requests...
CVE-2024-50945
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product...