Lucene search
K

71 matches found

Nuclei
Nuclei
added 2 days ago24 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS7.6AI score0.14269EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago13 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8CVSS7.2AI score0.63711EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/04/07 12:0 a.m.26 views

VulnCheck KEV: CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

10CVSS5.9AI score0.04186EPSS
In wildExploits1References2
EUVD
EUVD
added 2025/12/09 6:30 p.m.3 views

EUVD-2025-201998

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.7...

5.9AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-63012

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.8 views

CVE-2025-63012

CVE-2025-63012 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking). Affected versions are WP Hotel Booking

4.3CVSS5.9AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.4AI score0.00107EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/05 4:13 a.m.6 views

WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Hotel Booking versions = 2.2.8...

5.9CVSS6.1AI score0.00167EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-50810

Malicious code in bioql PyPI...

5.3CVSS8.7AI score0.00306EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-28428

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-45418

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.0051EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13863

Malicious code in bioql PyPI...

4.3CVSS6.2AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-48706

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.1502EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/18 9:33 p.m.6 views

WordPress WP Hotel Booking plugin < 2.2.3 - Subscriber+ Rating Manipulation vulnerability

Subscriber+ Rating Manipulation vulnerability discovered by Muhammed Çelik in WordPress Plugin WP Hotel Booking versions 2.2.3...

9.1CVSS6.7AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/18 6:15 a.m.6 views

CVE-2025-8942

The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value e.g., sending negative or out-of-range values by intercepting and modifying requests...

9.1CVSS0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.5 views

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.1CVSS6.6AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:5 a.m.7 views

CVE-2024-30508

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2...

9.8CVSS8.6AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:55 a.m.10 views

CVE-2024-12370

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices...

5.3CVSS6.7AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.7 views

CVE-2023-5799

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them...

5.4CVSS6.7AI score0.0052EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.11 views

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.8CVSS7.4AI score0.63711EPSS
Exploits2
Rows per page
Query Builder