cleantalk
Vulnerabilities and Security Researches

WP Hotel Booking, d15f47f8730de77efe1ed67af61b35517347b26c

CVE, Research URL

d15f47f8730de77efe1ed67af61b35517347b26c

Home page URL

Security reports for WP Hotel Booking

Application

WP Hotel Booking

Published on
Feb 03, 2024
Research Description
WP Hotel Booking [wp-hotel-booking] < 2.0.9.3 WP Hotel Booking <= 2.0.9.2 - Improper Authorization on Multiple REST API Routes The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricing_plans', 'block_date', 'manager_bookings', and 'update_field_room' functions for the 'pricing-plans', 'block-date', 'manager-bookings', and 'update-field' REST routes, respectively, in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to expose sensitive information about bookings or modify them.
Affected versions
max 2.0.9.3.
Status
vulnerable
Previous vulnerability researches
WP Hotel Booking (CVE-2026-9822) , Jun 21, 2026
WP Hotel Booking (CVE-2025-14075) , Jan 28, 2026
WP Hotel Booking (CVE-2025-8942) , Apr 27, 2026
WP Hotel Booking (CVE-2024-12370) , Jan 18, 2025
WP Hotel Booking (CVE-2024-7855) , Oct 03, 2024
New vulnerability
Simple File List (CVE-2026-11911) , Jun 21, 2026
Simple File List (CVE-2026-12119) , Jun 21, 2026
Simple File List (CVE-2026-11912) , Jun 21, 2026
WP Hotel Booking (CVE-2026-9822) , Jun 21, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2026-11551) , Jun 21, 2026