Thimpress Wp Hotel Booking
13 CVEs affecting Thimpress Wp Hotel Booking. Latest disclosed: 2026-01-17. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3605 | Critical | 10.0 | 2024-06-20 | The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in… |
CVE-2024-7855 | High | 8.8 | 2024-10-02 | The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all ve… |
CVE-2024-51582 | High | 7.5 | 2024-11-04 | Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: f… |
CVE-2024-30508 | Medium | 6.5 | 2024-03-29 | Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. |
CVE-2025-63011 | Medium | 5.9 | 2025-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Ba… |
CVE-2025-14075 | Medium | 5.3 | 2026-01-17 | The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugi… |
CVE-2024-12370 | Medium | 5.3 | 2025-01-17 | The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all version… |
CVE-2025-63013 | Medium | 4.3 | 2025-12-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedde… |
CVE-2025-63012 | Medium | 4.3 | 2025-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Bo… |
CVE-2025-47448 | Medium | 4.3 | 2025-05-07 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Bo… |
CVE-2024-13447 | Medium | 4.3 | 2025-01-22 | The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user A… |
CVE-2020-36757 | Medium | 4.3 | 2023-07-12 | The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incor… |
CVE-2021-36852 | Medium | 4.3 | 2022-08-22 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. |