GCVE - cpe:2.3:a:kibokolabs:hostel:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kibokolabs:hostel:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Kibokolabs (`94c96222-e91f-5c0c-83ed-9f4ab2c7eef0`)
Product	Hostel (`068cf7ff-a72d-565e-92be-e11a0b4ee103`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-6236`	vulnerable	2026-06-08 07:43:14.586355	Hostel < 1.1.5.9 - Admin+ Stored XSS The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2025-07-10T06:00:04.142Z Updated: 2025-07-10T14:18:40.730Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/ff4d312b-a4d1-40cd-a555-a0a1b46f9959/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-6234`	vulnerable	2026-06-08 07:43:14.583449	Hostel < 1.1.5.8 - Reflected XSS The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Published: 2025-07-10T06:00:02.897Z Updated: 2025-07-10T14:17:06.329Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/7447c4e1-81b9-4415-b425-27491ff692b2/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3753`	vulnerable	2026-06-08 06:43:51.386588	Hostel < 1.1.5.3 - Reflected XSS The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-13T06:00:04.802Z Updated: 2024-08-01T20:20:01.144Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/e140e109-4176-4b26-bf63-198262a31409/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0545`	vulnerable	2026-06-08 05:52:31.900165	Hostel < 1.1.5.2 - Admin+ Stored XSS The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2023-06-05T13:38:58.659Z Updated: 2025-01-08T17:06:22.275Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/b604afc8-61d0-4e98-8950-f3d29f9e9ee1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12345`	vulnerable	2026-06-08 05:12:38.948936	Details available XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. Published: 2019-05-27T20:17:30.000Z Updated: 2024-08-04T23:17:39.813Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/hostel/#developers https://wpvulndb.com/vulnerabilities/9289	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.