Description
The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a nonce for protection. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including full names, addresses, phone numbers, and email addresses by providing a valid email address and a publicly accessible nonce.
Published: 2026-01-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The WP Hotel Booking plugin (≤ 2.2.7) lacks a capability check on the `hotel_booking_fetch_customer_info` AJAX action and relies on a nonce alone. A WordPress nonce is a CSRF token, not an authorization control: the nonce generated for anonymous (nopriv) requests is the same for every logged-out visitor and is embedded in public page markup, so anyone can obtain one. An unauthenticated attacker who supplies that nonce together with a valid customer email address can retrieve that customer's private details (full name, address, phone number, email address), a confidentiality breach with no authorization involved.

Affected Systems

Vulnerable systems run the ThimPress WP Hotel Booking WordPress plugin up to and including version 2.2.7.

Risk and Exploitability

The CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates medium severity: a low confidentiality impact with no integrity or availability impact. The EPSS score of < 1% indicates a low predicted probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation is remote over HTTP via a crafted request to the plugin's AJAX action and requires no authentication or privileged access; each request discloses only the record matching the email address the attacker supplies, so the attacker must already know or guess customer email addresses.

Generated by OpenCVE AI on April 22, 2026 at 15:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WP Hotel Booking plugin to the latest version (2.2.8 or newer) where the vulnerability is patched.
  • If an update is delayed, restrict the `hotel_booking_fetch_customer_info` action so that only authenticated users with the appropriate capability can invoke it, or temporarily disable the endpoint for unauthenticated traffic.
  • Verify that all AJAX requests to the plugin validate nonces correctly and enforce proper authentication checks before returning any customer data.
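The pattern behind the second and third actions above, as an added illustration that is not WP Hotel Booking's own code: the nonce-only AJAX handler the advisory describes beside a hardened version, plus a must-use plugin shim that rejects unauthenticated calls to the action until the update is applied. The callback names, the `manage_options` capability, the nonce action string and the response shape are assumptions; the plugin's real internals are not on this page. Pattern A's registrations are commented out so that loading the file does not attach two callbacks to the same hook.

```php
<?php
/**
 * Added illustrative example (not WP Hotel Booking's code).
 * Names prefixed example_ and the chosen capability are assumptions.
 */

// --- Pattern A: what the advisory describes (vulnerable) -----------------
// Registered for logged-in AND anonymous visitors; the nonce is the only gate.
// (Shown for contrast only; not registered in this file.)
// add_action( 'wp_ajax_hotel_booking_fetch_customer_info',        'example_fetch_customer_info_vuln' );
// add_action( 'wp_ajax_nopriv_hotel_booking_fetch_customer_info', 'example_fetch_customer_info_vuln' );

function example_fetch_customer_info_vuln() {
    // For anonymous requests wp_create_nonce() hashes user ID 0 and an empty
    // session token, so every logged-out visitor shares the same nonce and it
    // is printed into public page markup: it proves nothing about the caller.
    check_ajax_referer( 'example_nonce_action', 'nonce' );
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    wp_send_json_success( example_lookup_customer( $email ) ); // leaks customer PII
}

// --- Pattern B: hardened handler -----------------------------------------
// No wp_ajax_nopriv_ registration, so admin-ajax.php answers anonymous calls
// with its default "0" / HTTP 400, and a capability check gates the data.
add_action( 'wp_ajax_hotel_booking_fetch_customer_info', 'example_fetch_customer_info_safe' );

function example_fetch_customer_info_safe() {
    check_ajax_referer( 'example_nonce_action', 'nonce' ); // CSRF protection only
    // Assumed capability; use whatever role legitimately manages bookings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'invalid email' ), 400 );
    }
    wp_send_json_success( example_lookup_customer( $email ) );
}

// --- Pattern C: mu-plugin shim while the update is pending ---------------
// Save as wp-content/mu-plugins/block-hotel-booking-customer-info.php.
// admin-ajax.php fires admin_init before dispatching wp_ajax(_nopriv)_* hooks,
// so this runs ahead of the plugin's own handler and ends the request.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() || is_user_logged_in() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( 'hotel_booking_fetch_customer_info' === $action ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
}, 0 );

// Stand-in for the plugin's real lookup (assumed); present only so the file parses.
function example_lookup_customer( $email ) {
    return array( 'email' => $email );
}
```

The shim blocks only logged-out callers, which is the population the advisory covers; if the site later needs logged-in low-privilege users kept out as well, the capability check in Pattern B is the durable fix, and it belongs in the plugin update rather than in the mu-plugin.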

Generated by OpenCVE AI on April 22, 2026 at 15:39 UTC.


Advisories

No advisories yet.

History

Tue, 20 Jan 2026 20:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Jan 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Thimpress; Thimpress wp Hotel Booking; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Thimpress; Thimpress wp Hotel Booking; Wordpress; Wordpress wordpress

Sat, 17 Jan 2026 02:30:00 +0000

Type: Description
Values Added: The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a nonce for protection. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including full names, addresses, phone numbers, and email addresses by providing a valid email address and a publicly accessible nonce.

Type: Title
Values Added: WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

Type: Weaknesses
Values Added: CWE-200

Type: References
Values Added: (none listed)

Type: Metrics (cvssV3_1)
Values Added: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Thimpress Wp Hotel Booking
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:41:05.563Z

Reserved: 2025-12-04T22:18:59.068Z

Link: CVE-2025-14075

Vulnrichment

Updated: 2026-01-20T18:40:01.060Z

NVD

Status : Deferred

Published: 2026-01-17T03:16:03.200

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14075

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T15:45:20Z

Weaknesses