Hostel@* Security Vulnerabilities and Issues — Hostel@* CVE List

Lucene search

KibokolabsHostel*

5 matches found

CVE•added 2019/05/27 9:29 p.m.•77 views

CVE-2019-12345

XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.

6.1CVSS6AI score0.00261EPSS

CVE•added 2023/06/05 2:15 p.m.•49 views

CVE-2023-0545

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.00084EPSS

CVE•added 2024/07/13 6:15 a.m.•45 views

CVE-2024-3753

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

5.9CVSS5.5AI score0.00299EPSS

CVE•added 2025/07/10 6:15 a.m.•19 views

CVE-2025-6236

The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.8AI score0.00027EPSS

CVE•added 2025/07/10 6:15 a.m.•17 views

CVE-2025-6234

The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1CVSS6.2AI score0.0003EPSS