Remote Code Inclusion Vulnerability in Hotel Booking Lite by MotoPress
CVE-2025-66078

Currently unrated

Key Information:

Vendor

WordPress
Status
Hotel Booking Lite
Vendor
CVE Published:
18 December 2025

What is CVE-2025-66078?

A vulnerability in the MotoPress Hotel Booking Lite plugin allows attackers to execute unauthorized code through remote code inclusion. Versions from n/a up to 5.2.3 are susceptible to this issue. If exploited, this security flaw can lead to the execution of arbitrary code on the affected systems, posing significant risks to user data and system integrity.

Affected Version(s)

Hotel Booking Lite <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/moto...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

benzdeus | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66078 : Remote Code Inclusion Vulnerability in Hotel Booking Lite by MotoPress