Critical 9.1
2025-09-18< 2.2.3
WP Hotel Booking <= 2.2.1 - Improper Input Validation to Authenticated (Subscriber+) Rating Manipulation
WP Hotel Booking
Minimum safe version
2.3.0
Update to 2.3.0 or later to address 27 fixable vulnerabilities
Latest available2.3.0 ✓
Medium 5.3
2026-01-17< 2.2.8
CVE-2025-14075
Medium 5.9
2025-12-09< 2.2.9
CVE-2025-63011
Medium 4.3
2025-12-09< 2.2.9
CVE-2025-63012
Medium 4.3
2025-12-09< 2.2.8
CVE-2025-63013
Medium 4.3
2025-05-07< 2.2.0
CVE-2025-47448
Medium 4.3
2025-01-22< 2.1.7
CVE-2024-13447
Medium 5.3
2025-01-17< 2.1.6
CVE-2024-12370
High 7.5
2024-11-04< 2.3.0
CVE-2024-51582
High 8.8
2024-10-02< 2.1.3
CVE-2024-7855
N/A
< 2.0.9.3
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Critical 9.8
2024-06-20< 2.1.1
CVE-2024-3605
Critical 9.8
2024-03-29< 2.0.9.3
CVE-2024-30508
N/A
2024-02-03< 2.0.9.3
WP Hotel Booking <= 2.0.9.2 - Improper Authorization on Multiple REST API Routes
Medium 5.4
2023-11-20< 2.0.9
CVE-2023-5799
Critical 9.8
2023-11-20< 2.0.8
CVE-2023-5652
Medium 5.4
2023-11-20< 2.0.8
CVE-2023-5651
N/A
2023-10-20< 2.0.8
WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion
N/A
< 2.0.1
WP Hotel Booking <= 1.10.5 - Unauthenticated Arbitrary Settings Update
Medium 4.3
2023-07-12< 1.10.2
CVE-2020-36757
N/A
2023-06-07< 1.10.2
CVE-2021-4342
N/A
< 1.10.2
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
N/A
2022-08-22< 2.0.1
WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update
N/A
2022-08-23< 2.0.1
WordPress WP Hotel Booking plugin <= 1.10.5 - Unauthenticated Arbitrary Settings Update vulnerability
Medium 4.3
2022-08-22< 1.10.6
CVE-2021-36852
N/A
2020-09-16< 1.10.2
WordPress WP Hotel Booking plugin <= 1.10.1 - Cross-Site Request Forgery (CSRF) vulnerability
Critical 9.8
2021-03-03< 1.10.4
CVE-2020-29047