Arbitrary File Uploads Vulnerability in WP Hotel Booking Plugin
CVE-2024-7855
What is CVE-2024-7855?
The WP Hotel Booking plugin for WordPress is susceptible to an arbitrary file upload vulnerability stemming from inadequate file type validation in the update_review() function. This vulnerability is present in all versions up to and including 2.1.2. Authenticated users, including those with subscriber-level access and higher, can exploit this weakness to upload malicious files, potentially leading to remote code execution on the affected site's server. Site administrators are urged to take immediate action to mitigate this risk by updating the plugin and implementing security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WP Hotel Booking * <= 2.1.2
References
EPSS Score
62% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved