VYPR

Hotel Booking Lite

by Motopress

CVEs (4)

  • CVE-2025-66078CriDec 18, 2025
    risk 0.59cvss 9.1epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.

  • CVE-2022-50948MedMay 10, 2026
    risk 0.42cvss 6.4epss 0.00

    Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters…

  • CVE-2023-28498MedNov 12, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.

  • CVE-2026-8684MedMay 22, 2026
    risk 0.27cvss 5.3epss 0.00

    The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated…