Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Thimpress
Wp Hotel Booking

thimpress WP Hotel Booking Vulnerabilities: CVEs, CISA KEV & Security Advisories

17 CVEs

thimpress WP Hotel Booking Vulnerabilities

CVE security advisories and vulnerability history for WP Hotel Booking by thimpress.

17

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

3

Public exploits

With known exploit

5.8

Avg CVSS

2021–2026

Last updated January 17, 2026

Overview

thimpress WP Hotel Booking has 17 published CVE records since 2021, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 5.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting thimpress WP Hotel Booking, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of thimpress WP Hotel Booking's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High2

Medium11

Low0

3 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of thimpress WP Hotel Booking's CVEs are currently listed in CISA's KEV catalog.

Public exploits

3

3 of thimpress WP Hotel Booking's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every thimpress WP Hotel Booking version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

2.0.83 CVEs
> 2.2.72 CVEs
> 2.2.82 CVEs
2.2.92 CVEs
> 1.10.51 CVE
> 2.0.9.21 CVE
> 2.1.01 CVE
> 2.1.21 CVE
> 2.1.51 CVE
> 2.1.61 CVE
> 2.1.91 CVE
> 2.2.91 CVE
1.10.21 CVE
2.0.9.31 CVE
2.1.31 CVE
2.1.61 CVE
2.1.71 CVE
2.2.01 CVE
2.2.81 CVE
2.3.01 CVE

Find a version

17 CVEs

Sort

WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter
CVE-2025-14075
Patch
CWE-200
Medium · CVSS 5.3
EPSS 0.1% (22th pct)2026-01-17
WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability
CVE-2025-63013
Patch
CWE-497
Medium · CVSS 4.3
EPSS 0.0% (12th pct)2025-12-09
WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-63012
Patch
CWE-352
Medium · CVSS 4.3
EPSS 0.0% (4th pct)2025-12-09
WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-63011
Patch
CWE-79
Medium · CVSS 5.9
EPSS 0.0% (8th pct)2025-12-09
WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47448
Patch
CWE-352
Medium · CVSS 4.3
EPSS 0.1% (25th pct)2025-05-07
WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval
CVE-2024-13447
Patch
CWE-862
Medium · CVSS 4.3
EPSS 0.3% (51th pct)2025-01-22
WP Hotel Booking <= 2.1.5 - Missing Authorization
CVE-2024-12370
Patch
CWE-284
Medium · CVSS 5.3
EPSS 0.3% (57th pct)2025-01-17
WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability
CVE-2024-51582
Patch
CWE-35
High · CVSS 7.5
EPSS 1.7% (82th pct)2024-11-04
WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2024-7855
Patch
CWE-434
High · CVSS 8.8
EPSS 62.9% (98th pct)2024-10-02
WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
CVE-2024-3605
Patch
CWE-89
Critical · CVSS 10.0
EPSS 79.0% (99th pct)2024-06-20
WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability
CVE-2024-30508
Patch
CWE-862
Medium · CVSS 6.5
EPSS 0.2% (48th pct)2024-03-29
Medium vulnerability · 2023-11-20
CVE-2023-5651
Public exploit
Patch
Medium · CVSS 5.4
EPSS 0.0% (13th pct)2023-11-20
WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion
CVE-2023-5799
Public exploit
Patch
Unscored
EPSS 0.0% (15th pct)2023-11-20
Vulnerability · 2023-11-20
CVE-2023-5652
Public exploit
Patch
Unscored
EPSS 66.6% (99th pct)2023-11-20
WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass
CVE-2020-36757
Patch
CWE-352
Medium · CVSS 4.3
EPSS 0.2% (36th pct)2023-07-12
WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability
CVE-2021-36852
Patch
CWE-352
Medium · CVSS 4.3
EPSS 0.1% (28th pct)2022-08-22
Vulnerability · 2021-03-03
CVE-2020-29047
Unscored
EPSS 84.6% (99th pct)2021-03-03

Common weakness types

The CWE weakness categories most often found in thimpress WP Hotel Booking CVEs. Follow any weakness for its full explanation.

CWE-352Cross-Site Request Forgery (CSRF)4 CVEs
CWE-862Missing Authorization2 CVEs
CWE-35Path Traversal: '.../...//'1 CVE
CWE-434Unrestricted Upload of File with Dangerous Type1 CVE
CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere1 CVE
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')1 CVE
CWE-200Exposure of Sensitive Information to an Unauthorized Actor1 CVE
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')1 CVE

Disclosure activity by year

How many thimpress WP Hotel Booking CVEs were published each year.

2021

1

2022

1

2023

4

2024

4

2025

6

2026

1

Other thimpress products

Browse vulnerabilities for other products by thimpress.

learnpress53 CVEs LearnPress – WordPress LMS Plugin for Create and Sell Online Courses34 CVEs WP Pipes9 CVEs LearnPress Export Import6 CVEs Eduma4 CVEs LearnPress – Backup & Migration Tool4 CVEs LearnPress – WordPress LMS Plugin4 CVEs Thim Elementor Kit4 CVEs

All thimpress vulnerabilities

Frequently asked questions

Common questions about thimpress WP Hotel Booking vulnerabilities.

How many CVEs does thimpress WP Hotel Booking have?

thimpress WP Hotel Booking has 17 published CVE records since 2021.

How many thimpress WP Hotel Booking CVEs are in CISA KEV?

None of thimpress WP Hotel Booking's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for thimpress WP Hotel Booking vulnerabilities?

Yes — 3 of thimpress WP Hotel Booking's CVEs have a known public exploit.

Which versions of thimpress WP Hotel Booking are affected?

20 distinct thimpress WP Hotel Booking versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in thimpress WP Hotel Booking CVEs?

thimpress WP Hotel Booking's CVEs most often map to these CWE weakness types: CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization), CWE-35 (Path Traversal: '.../...//'), CWE-434 (Unrestricted Upload of File with Dangerous Type).

How many critical thimpress WP Hotel Booking vulnerabilities are there?

thimpress WP Hotel Booking has 1 critical and 2 high-severity CVEs.

What is the average severity of thimpress WP Hotel Booking CVEs?

The average CVSS base score across thimpress WP Hotel Booking's scored CVEs is 5.8.

References

All thimpress vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track thimpress WP Hotel Booking vulnerabilities

Monitor new thimpress WP Hotel Booking vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References