Thimpress Wp Hotel Booking — known CVE vulnerabilities
Every CVE whose affected-product data names Thimpress Wp Hotel Booking, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-3605 — CVSS 10.0 (critical): The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms…
CVE-2023-5652 — CVSS 9.8 (critical): The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input…
CVE-2020-29047 — CVSS 9.8 (critical): The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize…
CVE-2024-7855 — CVSS 8.8 (high): The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2024-51582 — CVSS 7.5 (high): Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects…
CVE-2024-30508 — CVSS 6.5 (medium): Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.
CVE-2023-5651 — CVSS 5.4 (medium): The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package…
CVE-2023-5799 — CVSS 5.4 (medium): The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and…
CVE-2024-12370 — CVSS 5.3 (medium): The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding…
CVE-2024-13447 — CVSS 4.3 (medium): The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2021-36852 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.
CVE-2020-36757 — CVSS 4.3 (medium): The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due…