CVE-2022-50948
Stored XSS in MotoPress Hotel Booking Lite Plugin
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| motopress | hotel_booking_lite | 4.2.4 |
| motopress | hotel_booking_lite | to 4.2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the accommodation type fields, specifically the title and excerpt parameters, for stored cross-site scripting (XSS) payloads. An authenticated user can attempt to inject script tags into these fields and then verify if the scripts execute when accessing the accommodations page.
There are no specific commands provided in the available resources to detect this vulnerability on your network or system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the stored cross-site scripting vulnerability in Motopress Hotel Booking Lite 4.2.4 impacts compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not specify immediate mitigation steps for this vulnerability.
Can you explain this vulnerability to me?
CVE-2022-50948 is a stored cross-site scripting (XSS) vulnerability found in Motopress Hotel Booking Lite version 4.2.4 and earlier.
This vulnerability allows authenticated attackers to inject malicious scripts by submitting specially crafted payloads in the accommodation type fields, specifically through the title and excerpt parameters.
When visitors access the accommodations page, these injected scripts execute in their browsers, potentially compromising their security.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers who have authenticated access to inject malicious scripts into your website's accommodation type fields.
When other users visit the accommodations page, these scripts execute in their browsers, which can lead to theft of sensitive information, session hijacking, or other malicious actions.
The vulnerability has a medium severity rating with a CVSS score of 5.1, indicating a moderate risk.