VYPR

Motopress Hotel Booking Lite

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-4413CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in…

  • CVE-2026-8684MedMay 22, 2026
    risk 0.27cvss 5.3epss 0.00

    The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated…