Lucene search
K
ThimpressWp Hotel Booking

12 matches found

CVE
CVE
added 2024/06/20 2:8 a.m.132 views

CVE-2024-3605

The CVE-2024-3605 entry concerns the WordPress plugin WP Hotel Booking (versions up to and including 2.1.0) and describes an SQL Injection flaw in the /wphb/v1/rooms/search-rooms REST API endpoint, exploitable via the room_type parameter. The root cause is insufficient escaping of the user-suppli...

10CVSS9.7AI score0.04186EPSS
In wildWeb
CVE
CVE
added 2021/03/03 5:15 p.m.106 views

CVE-2020-29047

The CVE-2020-29047 entry concerns the WordPress plugin WP Hotel Booking (versions

9.8CVSS9.8AI score0.14269EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.85 views

CVE-2023-5652

CVE-2023-5652 affects the WordPress plugin WP Hotel Booking, prior to version 2.0.8. The vulnerability arises from missing authorization and CSRF checks and from insufficient escaping of user input in a SQL statement executed in an admin_init hook, enabling unauthenticated users to perform SQL in...

9.8CVSS9.8AI score0.63711EPSS
Web
CVE
CVE
added 2022/08/22 2:45 p.m.76 views

CVE-2021-36852

CVE-2021-36852 is a CSRF vulnerability in the WordPress ThimPress WP Hotel Booking plugin versions

8CVSS6.1AI score0.00325EPSS
CVE
CVE
added 2024/03/29 2:17 p.m.69 views

CVE-2024-30508

CVE-2024-30508: Missing Authorization vulnerability in ThimPress WP Hotel Booking. Affects WP Hotel Booking

9.8CVSS8.6AI score0.00519EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.57 views

CVE-2023-5651

The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...

5.4CVSS5.5AI score0.00271EPSS
Web
CVE
CVE
added 2025/01/22 11:7 a.m.57 views

CVE-2024-13447

CVE-2024-13447 (WP Hotel Booking plugin for WordPress) suffers from a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to 2.1.6, enabling authenticated users with Subscriber-level access and above to retrieve a list of registered user emails. The vulner...

4.3CVSS4.3AI score0.00347EPSS
CVE
CVE
added 2024/10/02 4:31 a.m.57 views

CVE-2024-7855

CVE-2024-7855 affects the WordPress plugin WP Hotel Booking (versions

8.8CVSS8.9AI score0.1502EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.54 views

CVE-2023-5799

WP Hotel Booking WordPress plugin prior to 2.0.8 is affected by an authorization flaw in package deletion, allowing Contributor and above roles to delete posts that do not belong to them. The issue originates from insufficient access checks on the deletion operation and is documented across multi...

5.4CVSS5.4AI score0.0052EPSS
Web
CVE
CVE
added 2024/11/04 1:38 p.m.50 views

CVE-2024-51582

CVE-2024-51582 is a Path Traversal leading to PHP Local File Inclusion in the WP Hotel Booking plugin (affected

8.8CVSS5.9AI score0.0051EPSS
CVE
CVE
added 2025/01/17 8:25 a.m.47 views

CVE-2024-12370

CVE-2024-12370 affects the WordPress plugin WP Hotel Booking. The vulnerability is an unauthorized data modification flaw caused by a missing capability check when adding rooms, affecting all versions up to 2.1.5. This enables unauthenticated attackers to add rooms with custom prices. The issue i...

5.3CVSS5.1AI score0.00306EPSS
CVE
CVE
added 2023/07/12 6:52 a.m.41 views

CVE-2020-36757

The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.10.1 due to missing or incorrect nonce validation on the admin_add_order_item() function. This allows unauthenticated attackers to add an order item via a forged request by tricking a site ad...

4.3CVSS4.2AI score0.0035EPSS