Path Traversal Vulnerability in WP Hotel Booking by ThimPress
CVE-2024-51582

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Hotel Booking
Vendor: CVE Published:; 4 November 2024

Summary

A path traversal vulnerability has been identified in the WP Hotel Booking plugin developed by ThimPress. This issue allows attackers to exploit path traversal methods to gain unauthorized access to PHP files on the server, leading to potential local file inclusion. This vulnerability affects all versions of WP Hotel Booking up to 2.1.4, highlighting a significant security concern for users utilizing this plugin. Proper security measures should be taken to mitigate the risks associated with this vulnerability.

References

https://patchstack.com/database/vulnerability/wp-hotel-bo...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 4, 2024