CVE-2024-51582 — Path Traversal: '.../...//' in WP Hotel Booking

CWE-35 — Path Traversal: '.../...//'CWE-22 — Path Traversal3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.7%

top 17.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thimpress WP Hotel Booking

Timeline

PublishedNov 4

Description

Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5thimpress/wp_hotel_booking2.2.9

▶NVDthimpress/wp_hotel_booking2.1.4

🔴Vulnerability Details

CVEList

WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability↗2024-11-04

▶

GHSA

GHSA-gpj2-23jf-pgq2: Path Traversal: '↗2024-11-04

▶