Vulnerabilities > Thimpress > WP Hotel Booking > 2.1.5

DATE CVE VULNERABILITY TITLE RISK
2025-01-22 CVE-2024-13447 Missing Authorization vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6.
network
low complexity
thimpress CWE-862
4.3
4.3
2025-01-17 CVE-2024-12370 Missing Authorization vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5.
network
low complexity
thimpress CWE-862
5.3
5.3