CVE-2025-8942
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-22
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpscan | wp_hotel_booking | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can manipulate review ratings on the WP Hotel Booking plugin, potentially damaging the credibility and trustworthiness of the reviews by submitting invalid or misleading rating values.
Can you explain this vulnerability to me?
This vulnerability exists in the WP Hotel Booking WordPress plugin versions before 2.2.3. It occurs because the plugin lacks proper server-side validation for review ratings, which allows an attacker to intercept and modify requests to manipulate the rating values, including sending negative or out-of-range values.