Wp Hotel Booking@* Security Vulnerabilities and Issues — Wp Hotel Booking@* CVE List

Lucene search

ThimpressWp Hotel Booking*

4 matches found

CVE•added 2024/06/20 2:15 a.m.•103 views

CVE-2024-3605

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

10CVSS9.7AI score0.44837EPSS

CVE•added 2024/03/29 3:15 p.m.•54 views

CVE-2024-30508

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.

9.8CVSS6.8AI score0.00243EPSS

CVE•added 2024/10/02 5:15 a.m.•40 views

CVE-2024-7855

The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload ar...

8.8CVSS8.9AI score0.0836EPSS

CVE•added 2024/11/04 2:15 p.m.•33 views

CVE-2024-51582

Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4.

8.8CVSS7.9AI score0.0031EPSS