WP Hotel Booking < 2.2.3 – Subscriber+ Rating Manipulation | CVE 2025-8942

Description

The plugin lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests.

Proof of Concept

1. Navigate to an existing room’s detail page on the frontend and Go to the "Review" tab of the room.  
2. Fill in the review form with a valid rating (1-5) and review text.  
3. Submit the review while intercepting the request.
4. In the intercepted request, locate the "rating" parameter and modify its value to a negative number, such as "-1000" and forward the modified request to the server.  
5. Confirm that the server accepts and stores the negative rating value breaking the intended rating scale.