Hotel Booking Lite

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:jetmonsters:hotel_booking_lite:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorJetmonsters (68cb8354-ffa6-5abe-9430-96c08ce21952)
ProductHotel Booking Lite (2f7cc049-ddef-58d6-be5c-c100f9c05fb8)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-66078 vulnerable 2026-06-03 15:09:40.859679 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability
CRITICAL (9.1)
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.
Published: 2025-12-18T07:22:17.890Z
Updated: 2026-04-28T16:14:16.343Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4413 vulnerable 2026-06-03 14:57:15.436462 Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection
CRITICAL (9.8)
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-05-10T21:32:41.138Z
Updated: 2026-04-08T16:40:37.122Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.