Vulnerabilities and security researches fornd-booking nd-booking

Apr 19, 2025

CVE, Research URL: CVE-2025-39526
Home page URL: Security reports for Hotel Booking
Application: Hotel Booking
Date: Apr 17, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2019-15774
Home page URL: Security reports for Hotel Booking
Application: Hotel Booking
Date: Aug 29, 2019
Research Description: The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29443
Home page URL: Security reports for Hotel Booking
Application: Hotel Booking
Date: Jun 16, 2022
Research Description: Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable