6 matches found
CVE-2025-63011
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-28979
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3...
CVE-2025-28982 WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3...
CVE-2024-30508
Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2...
CVE-2021-36852
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking plugin = 1.10.5 at WordPress...
PT-2022-10578 · Thimpress · Thimpress Wp Hotel Booking
Name of the Vulnerable Software and Affected Versions: ThimPress WP Hotel Booking plugin versions = 1.10.5 Description: A Cross-Site Request Forgery CSRF issue exists, which is a type of attack that tricks a user into performing unintended actions on a web application. This occurs because the...