Unauthenticated PHP Object Injection Vulnerability in Hotel Booking Lite Plugin
CVE-2024-4413
9.8CRITICAL
What is CVE-2024-4413?
The Hotel Booking Lite plugin for WordPress contains a vulnerability related to PHP Object Injection that arises from the deserialization of untrusted input. All versions up to and including 4.11.1 are affected. This flaw allows unauthenticated attackers to inject PHP Objects, posing significant risks, particularly if a PHP Object Pollution (POP) chain is achieved through another malicious plugin or theme on the target website. Such exploitation could lead to unauthorized file deletions, retrieval of sensitive information, or arbitrary code execution, thereby compromising the integrity and security of the affected WordPress site.
Affected Version(s)
Hotel Booking Lite * <= 4.11.1