CVE-2025-68005
Awaiting Analysis - Queue
Missing Authorization in Easy Hotel Booking Plugin Allows Unauthorized Access

Publication date: 2026-02-20

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Hotel Booking: from n/a through <= 1.9.2.
Meta Information
Published: 2026-02-20
Last Modified: 2026-04-28
Generated: 2026-06-16
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: themewant
Product: easy_hotel_booking
Version / Range: to 1.8.7 (inc)
CWE ID: CWE-862
Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2025-68005 is a Broken Access Control vulnerability in the WordPress Easy Hotel Booking Plugin versions up to and including 1.8.7. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions.

This flaw allows unprivileged users, such as subscribers, to perform actions that should be restricted to higher privileged roles, leading to unauthorized access or modifications.

The vulnerability is considered medium severity with a CVSS score of 6.5 and is part of the OWASP Top 10 A1 category.

Impact Analysis

This vulnerability can allow users with low-level privileges (such as subscribers) to escalate their privileges and perform unauthorized actions within the Easy Hotel Booking plugin.

Such unauthorized access or modifications could compromise the integrity and security of your website, potentially leading to data manipulation or exposure.

Since no official patch is available yet, failure to apply mitigations could leave your site vulnerable to exploitation.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

This vulnerability affects WordPress Easy Hotel Booking Plugin versions up to and including 1.8.7 and arises from missing authorization checks allowing unprivileged users to perform privileged actions.

No official patch has been released yet for this issue.

As an immediate mitigation, users are advised to apply Patchstack's mitigation rule which can block attacks exploiting this vulnerability until an official fix becomes available.

It is important to implement this mitigation promptly to protect your website and monitor for any official patches. [1]
