WP Hotel Booking Plugin Missing Authorization Vulnerability Allowing Unauthenticated Room Additions

Vulnerability

A vulnerability exists in the WP Hotel Booking plugin for WordPress, in all versions through 2.1.5. The plugin lacks a proper capability check, which allows unauthenticated attackers to add rooms with custom prices and so manipulate room data.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of room data, including the addition of rooms with custom prices.

Remediation

Users are advised to update the WP Hotel Booking plugin to version 2.1.6 or a newer patched version.
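To confirm which installations still need the update, the following added example (not part of the original advisory or the plugin's code) reads WordPress plugin headers under a plugins directory and flags copies older than 2.1.6. It assumes the plugin's "Plugin Name:" header matches the name used in this advisory; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

PLUGIN_NAME = "WP Hotel Booking"   # assumption: matches the "Plugin Name:" header
FIXED = (2, 1, 6)                  # first patched release per the advisory

# Header style WordPress reads from the top of a plugin's main PHP file.
_HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)[ \t\r]*$", re.M | re.I)

# Constructed sample header, not copied from the plugin.
SAMPLE = "<?php\n/**\n * Plugin Name: WP Hotel Booking\n * Version: 2.1.5\n */\n"

def parse_version(text):
    """Leading dotted number as an int tuple padded to three parts, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (len(FIXED) - len(parts))

def classify(header_text):
    """Return (version, status) if the header belongs to the plugin, else None."""
    fields = {}
    for key, value in _HEADER.findall(header_text):
        fields.setdefault(key.lower(), value)    # first occurrence wins
    if fields.get("plugin name") != PLUGIN_NAME:
        return None                              # add-ons and other plugins are skipped
    version = fields.get("version", "")
    parsed = parse_version(version)
    if parsed is None:
        return version, "unknown"
    return version, "vulnerable" if parsed < FIXED else "patched"

def audit(plugins_dir):
    """Check every top-level PHP file of every plugin folder under plugins_dir."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")  # headers sit at the top
        result = classify(head)
        if result:
            findings.append((str(php), *result))
    return findings

if __name__ == "__main__":
    print("sample:", classify(SAMPLE))
    for path, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {version:10} {path}")
```

Pass the path to a site's wp-content/plugins directory as the first argument; an "unknown" status means the version header could not be parsed and the copy should be checked by hand.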

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.