16 matches found
EUVD-2026-43149
The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...
CVE-2026-9822
The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...
WordPress plugin Hotel Booking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-63013
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through = 2.2.7...
PT-2025-50032
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.7...
EUVD-2025-29843
Malicious code in bioql PyPI...
CVE-2025-53259 WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through = 3.7...
CVE-2025-53259
CVE-2025-53259 affects the nicdark Hotel Booking WordPress plugin (versions n/a through 3.7) and is a Local File Inclusion due to improper control of filename in PHP Include/Require. The vulnerability enables access to local files via PHP inclusion, with potential impact on confidentiality, integ...
CVE-2025-47498 WordPress Hotel Booking <= 3.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6...
PT-2025-2175 · WordPress · Wp Hotel Booking
Name of the Vulnerable Software and Affected Versions: WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.6 Description: The issue is related to unauthorized access of data due to a missing capability check on the hotel booking load order user AJAX action. This allows...
CVE-2024-51582
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4...
WordPress Hotel Booking Lite plugin <= 4.11.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Hotel Booking Lite versions = 4.11.1...
WordPress Hotel Booking Lite Plugin <= 4.11.1 is vulnerable to PHP Object Injection
Software Hotel Booking Lite Type Plugin Vulnerable versions = 4.11.1 Fixed in 4.11.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4413 Patch priority High CVSS severity High 9 Developer Claim ownership PSID f9d7cef7773f Credits Trinh Vu Sonicrrrr Required privilege...
WordPress Plugin WP Hotel Booking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-29443 WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Nicdark's Hotel Booking plugin = 3.0 at WordPress...
WordPress Hotel Booking System Pro 1.1 Cross Site Scripting
Exploit Title: WordPress Hotel Booking System Pro v1.1 XSS Vunlerability Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/online-hotel-booking-system-pro-wordpress-plugin/9338914 Version: 1.1 Tested on: 5.4.0-4parrot1-amd64...