🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. Register as a researcher and submit your vulnerabilities today!

As a reminder, the Wordfence Intelligence Vulnerability Database API is completely free to query and utilize, both personally and commercially, and contains all the same vulnerability data as the user interface. Please review the API documentation and Webhook documentation for more information on how to query the vulnerability API endpoints and configure webhooks utilizing all the same data present in the Wordfence Intelligence user interface.

WP Hotel Booking

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WP Hotel Booking

Information

Software Type	Plugin
Software Slug	wp-hotel-booking (view on wordpress.org)
Software Status	Active
Software Author	thimpress
Software Website	thimpress.com
Software Downloads	299,420
Software Active Installs	9,000
Software Record Last Updated	November 29, 2023

7 Vulnerabilities

WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection

9.8

CVE-2023-5652

Oct 26, 2023

Researcher: Krzysztof Zając

WP Hotel Booking <= 2.0.8 - Insufficient Authorization to Unauthorized Post Deletion

4.3

CVE-2023-5799

Oct 26, 2023

Researcher: Erwan LR

WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion

5.3

CVE-2023-5651

Oct 20, 2023

Researcher: Krzysztof Zając

WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update

7.5

CVE ID Unknown

Aug 22, 2022

Researcher: WPScanTeam

WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery

8.8

CVE-2021-36852

Aug 2, 2022

Researcher: Ngo Van Thien

WP Hotel Booking <= 1.10.3 - Remote Code Execution

9.8

CVE-2020-29047

Dec 8, 2020

Researcher: Nick Blundell

WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36757

Sep 16, 2020

Researcher: Jerome Bruandet

Title	CVE ID	CVSS	Researchers	Date
WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection	CVE-2023-5652	9.8	Krzysztof Zając	October 26, 2023
WP Hotel Booking <= 2.0.8 - Insufficient Authorization to Unauthorized Post Deletion	CVE-2023-5799	4.3	Erwan LR	October 26, 2023
WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion	CVE-2023-5651	5.3	Krzysztof Zając	October 20, 2023
WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update		7.5	WPScanTeam	August 22, 2022
WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery	CVE-2021-36852	8.8	Ngo Van Thien	August 2, 2022
WP Hotel Booking <= 1.10.3 - Remote Code Execution	CVE-2020-29047	9.8	Nick Blundell	December 8, 2020
WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass	CVE-2020-36757	4.3	Jerome Bruandet	September 16, 2020

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation