CVE-2025-14075
BaseFortify
Publication date: 2026-01-17
Last updated on: 2026-01-17
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thimpress | wp_hotel_booking | to 2.2.7 (inc) |
| thimpress | wp_hotel_booking | 2.2.8 |
| thimpress | wp_hotel_booking | 1.9.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WP Hotel Booking plugin (up to version 2.2.7) is a Sensitive Information Exposure issue. It occurs because the plugin exposes the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a nonce for protection. This allows attackers who are not logged in to retrieve sensitive customer information such as full names, addresses, phone numbers, and email addresses by providing a valid email address and a publicly accessible nonce. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthenticated attackers to access sensitive customer information stored in the WP Hotel Booking plugin. Attackers can retrieve personal data including full names, addresses, phone numbers, and email addresses of customers by exploiting the exposed AJAX action. This exposure can lead to privacy breaches, identity theft, and loss of customer trust. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability negatively affects compliance with data protection regulations such as GDPR and HIPAA because it exposes sensitive personal information to unauthorized parties. Such exposure violates principles of data confidentiality and security required by these standards, potentially leading to regulatory penalties, legal liabilities, and damage to organizational reputation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthenticated AJAX requests to the 'hotel_booking_fetch_customer_info' action in the WP Hotel Booking plugin. Since the vulnerability allows retrieval of sensitive customer information by providing a valid email and a publicly accessible nonce, you can look for HTTP POST requests to the WordPress admin-ajax.php endpoint with the parameter 'action=hotel_booking_fetch_customer_info' from unauthenticated sources. A sample command using curl to test this could be: curl -X POST -d 'action=hotel_booking_fetch_customer_info&[email protected]&nonce=VALID_NONCE' https://yourwordpresssite.com/wp-admin/admin-ajax.php Replace 'VALID_NONCE' with a nonce value if known or attempt to enumerate nonces if possible. Network monitoring tools can also be configured to alert on such requests. Additionally, inspecting web server logs for such AJAX calls from unauthenticated IPs can help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WP Hotel Booking plugin to a version later than 2.2.7 where this vulnerability is fixed. Since the vulnerability arises from exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users relying only on a nonce, restricting access to this AJAX action to authenticated users or adding proper capability checks can mitigate the issue. If an update is not immediately possible, you can temporarily disable or restrict access to this AJAX action by modifying the plugin code or using security plugins/firewalls to block unauthenticated requests to 'admin-ajax.php' with the vulnerable action parameter. Monitoring and auditing access logs for suspicious activity is also recommended. [2, 3]