GHSA-mcv8-q72x-f535MediumCVSS 6.5
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several...
🔗 CVE IDs covered (1)
📋 Description
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data.