7 matches found
CVE-2023-5652
CVE-2023-5652 affects the WordPress plugin WP Hotel Booking, prior to version 2.0.8. The vulnerability arises from missing authorization and CSRF checks and from insufficient escaping of user input in a SQL statement executed in an admin_init hook, enabling unauthenticated users to perform SQL in...
CVE-2024-30508
CVE-2024-30508: Missing Authorization vulnerability in ThimPress WP Hotel Booking. Affects WP Hotel Booking
CVE-2024-7855
CVE-2024-7855 affects the WordPress plugin WP Hotel Booking (versions
CVE-2023-5651
The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...
CVE-2024-13447
CVE-2024-13447 (WP Hotel Booking plugin for WordPress) suffers from a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to 2.1.6, enabling authenticated users with Subscriber-level access and above to retrieve a list of registered user emails. The vulner...
CVE-2023-5799
WP Hotel Booking WordPress plugin prior to 2.0.8 is affected by an authorization flaw in package deletion, allowing Contributor and above roles to delete posts that do not belong to them. The issue originates from insufficient access checks on the deletion operation and is documented across multi...
CVE-2024-12370
CVE-2024-12370 affects the WordPress plugin WP Hotel Booking. The vulnerability is an unauthorized data modification flaw caused by a missing capability check when adding rooms, affecting all versions up to 2.1.5. This enables unauthenticated attackers to add rooms with custom prices. The issue i...