Approved changes feed: RSS · Atom

cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorMotopress (6d317652-94c4-5c1f-ac88-5ca1ba2616b8)
ProductHotel Booking Lite (f435259f-4bac-5250-b89e-e81a072c8699)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-5991 vulnerable 2026-06-08 06:19:45.352787 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
Published: 2023-12-26T18:33:14.275Z
Updated: 2024-08-02T08:14:25.157Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28498 vulnerable 2026-06-08 06:01:10.990363 WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.
Published: 2023-11-12T21:57:22.327Z
Updated: 2026-04-28T16:08:16.159Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.