Description
WordPress Plugin WP Hotel Booking is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin WP Hotel Booking version 1.10.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.10.4 or latest
References
https://appcheck-ng.com/cve-2020-29047
https://sploitus.com/exploit?id=WPEX-ID:E11265F5-39ED-4415-8376-4F092EF12003
https://plugins.svn.wordpress.org/wp-hotel-booking/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Websimon Tables Cross-Site Scripting (1.3.4)
WordPress 7PK - Security Features Vulnerability (CVE-2016-10148)
Moodle Improper Input Validation Vulnerability (CVE-2017-2576)
WordPress Plugin Quizlord Cross-Site Scripting (2.0)
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40598)