Wp Hotel Booking

CVEs (3)

• CVE-2025-8942CriSep 18, 2025
  risk 0.59cvss 9.1epss 0.00

  The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests.

• CVE-2025-63012MedDec 9, 2025
  risk 0.28cvss 4.3epss 0.00

  Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.8.

• CVE-2025-47448MedMay 7, 2025
  risk 0.28cvss 4.3epss 0.00

  Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9.