Cross-Site Scripting Vulnerability in Bob Hostel Plugin for WordPress
CVE-2025-66119

Currently unrated

Key Information:

Vendor

WordPress
Status
Hostel
Vendor
CVE Published:
18 December 2025

What is CVE-2025-66119?

The Bob Hostel plugin for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user’s browser, potentially compromising user data and exposing sensitive information. Affected versions include all versions up to 1.1.5.9, making it crucial for users to update their plugins immediately to mitigate this risk.

Affected Version(s)

Hostel <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/host...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Skalucy | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66119 : Cross-Site Scripting Vulnerability in Bob Hostel Plugin for WordPress