CVE-2024-12370

Medium CVSS: 5.3

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices.

Vendor

Thimpress

Product

Wp Hotel Booking

CWE

CWE-284

Yayın Tarihi

2025-01-17 09:15:07

Güncelleme

2025-02-11 21:42:23

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-284 Wp Hotel Booking MEDIUM Thimpress 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210798%40wp-hotel-booking%2Ftags%2F2.1.5&new=3214765%40wp-hotel-booking%2Ftags%2F2.1.6 https://www.wordfence.com/threat-intel/vulnerabilities/id/5df32365-5381-48e0-9313-7e83c4c6c440?source=cve

Benzer Kayıtlar

High

CVE-2025-60227

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pi…

High

CVE-2025-28977

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes…

High

CVE-2025-28979

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in…

Critical

CVE-2025-28982

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes…

High

CVE-2025-48267

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allow…

Medium

CVE-2024-13127

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow h…