WordPress Plugin Vulnerabilities

WP Hotel Booking < 2.1.7 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

Description

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails.

Affects Plugins

Plugin icon
wp-hotel-booking
Fixed in 2.1.7

References

CVE
CVE-2024-13447
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc883e7e-af82-47e1-a0c0-122e6abd6b52

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
aeac400c-6242-440f-b621-a028c6a150a4

Timeline

Publicly Published
2025-01-21 (about 1 year ago)
Added
2025-01-21 (about 1 year ago)
Last Updated
2025-01-22 (about 1 year ago)

Other

Published
Title
Published
2025-10-20
Title
Whydonate < 4.0.16 - Missing Authorization
Published
2025-09-22
Title
Lazy Blocks < 4.1.1 - Missing Authorization
Published
2026-04-07
Title
Event Tickets Manager for WooCommerce < 1.5.4 - Missing Authorization
Published
2024-04-25
Title
Secure Copy Content Protection and Content Locking < 3.9.1 - Missing Authorization
Published
2025-01-07
Title
ST Gallery WP <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Settings Update