Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Hotel Booking — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in WP Hotel Booking, with AI-generated Chinese analysis, references, and POCs.

Vendor: ThimPress

CVE IDTitleCVSSSeverityPublished
CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter CWE-200 5.3 Medium2026-01-17
CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2025-12-09
CVE-2025-63011 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability CWE-79 6.1AIMediumAI2025-12-09
CVE-2025-63013 WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability CWE-497 4.3 Medium2025-12-09
CVE-2025-8942 WP Hotel Booking < 2.2.3 - Subscriber+ Rating Manipulation 5.3AIMediumAI2025-09-18
CVE-2025-47448 WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability CWE-352 4.3 Medium2025-05-07
CVE-2024-13447 WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval CWE-862 4.3 Medium2025-01-22
CVE-2024-12370 WP Hotel Booking <= 2.1.5 - Missing Authorization CWE-284 5.3 Medium2025-01-17
CVE-2024-51582 WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability CWE-35 7.5 High2024-11-04
CVE-2024-7855 WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 8.8 High2024-10-02
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection CWE-89 10.0 Critical2024-06-20
CVE-2024-30508 WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability CWE-862 6.5 Medium2024-03-29
CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion 6.5AIMediumAI2023-11-20
CVE-2023-5799 WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion 6.5AIMediumAI2023-11-20
CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi 9.8AICriticalAI2023-11-20
CVE-2020-36757 WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass CWE-352 4.3 Medium2023-07-12
CVE-2021-36852 WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2022-08-22

All 17 known CVE vulnerabilities affecting WP Hotel Booking with full Chinese analysis, references, and POCs where available.