CVE-2024-13447
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jan 22, 2025
CWE ID 862
Summary
CVE-2024-13447 is a vulnerability affecting the WP Hotel Booking plugin for WordPress. The issue lies in the lack of sufficient capability checks on the "hotel_booking_load_order_user" AJAX action, present up to version 2.1.6. Consequently, attackers with Subscriber-level access or higher can exploit this weakness to illicitly obtain a list of registered user email addresses. This vulnerability poses a significant risk for WordPress sites using the WP Hotel Booking plugin and requires immediate attention for patching.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share