Lucene search
K

7 matches found

CVE
CVE
added 2023/11/20 6:55 p.m.86 views

CVE-2023-5652

CVE-2023-5652 affects the WordPress plugin WP Hotel Booking, prior to version 2.0.8. The vulnerability arises from missing authorization and CSRF checks and from insufficient escaping of user input in a SQL statement executed in an admin_init hook, enabling unauthenticated users to perform SQL in...

9.8CVSS9.8AI score0.63711EPSS
Web
CVE
CVE
added 2024/03/29 2:17 p.m.71 views

CVE-2024-30508

CVE-2024-30508: Missing Authorization vulnerability in ThimPress WP Hotel Booking. Affects WP Hotel Booking

9.8CVSS8.6AI score0.00519EPSS
CVE
CVE
added 2024/10/02 4:31 a.m.58 views

CVE-2024-7855

CVE-2024-7855 affects the WordPress plugin WP Hotel Booking (versions

8.8CVSS8.9AI score0.17128EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.57 views

CVE-2023-5651

The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...

5.4CVSS5.5AI score0.00271EPSS
Web
CVE
CVE
added 2025/01/22 11:7 a.m.57 views

CVE-2024-13447

CVE-2024-13447 (WP Hotel Booking plugin for WordPress) suffers from a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to 2.1.6, enabling authenticated users with Subscriber-level access and above to retrieve a list of registered user emails. The vulner...

4.3CVSS4.3AI score0.00347EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.54 views

CVE-2023-5799

WP Hotel Booking WordPress plugin prior to 2.0.8 is affected by an authorization flaw in package deletion, allowing Contributor and above roles to delete posts that do not belong to them. The issue originates from insufficient access checks on the deletion operation and is documented across multi...

5.4CVSS5.4AI score0.0052EPSS
Web
CVE
CVE
added 2025/01/17 8:25 a.m.47 views

CVE-2024-12370

CVE-2024-12370 affects the WordPress plugin WP Hotel Booking. The vulnerability is an unauthorized data modification flaw caused by a missing capability check when adding rooms, affecting all versions up to 2.1.5. This enables unauthenticated attackers to add rooms with custom prices. The issue i...

5.3CVSS5.1AI score0.00306EPSS