HotelRunner Booking Widget — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in HotelRunner Booking Widget, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-13135	HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2025-11-21
CVE-2025-60168	WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability CWE-352	6.1^AI	Medium^AI	2025-10-22

All 2 known CVE vulnerabilities affecting HotelRunner Booking Widget with full Chinese analysis, references, and POCs where available.