Vulnerability in Wp Hotel Booking
CVE-2026-9822
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coup…
Affected products
- Unknown Wp Hotel Booking — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)