Approved changes feed: RSS · Atom

cpe:2.3:a:motopress:hotel_booking_lite:4.2.4:*:*:*:*:wordpress:*:*

part: a version: 4.2.4 update: *

VendorMotopress (6d317652-94c4-5c1f-ac88-5ca1ba2616b8)
ProductHotel Booking Lite (f435259f-4bac-5250-b89e-e81a072c8699)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-50948 vulnerable 2026-06-08 05:52:03.760997 Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting
MEDIUM (6.4)
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating accommodation types, which execute in the browser when visitors access the accommodations page.
Published: 2026-05-10T12:12:48.402Z
Updated: 2026-05-24T01:37:25.349Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.