Impact
The Hotel Booking Lite plugin allows users to schedule reservations and store personal subscriber information. A flaw in how subscriber details are handled permits unauthorized users to view sensitive data, such as names, contact information, and booking history. This direct exposure of confidential information can lead to privacy violations, identity theft, or fraudulent account use by attackers who gain access without authentication.
Affected Systems
The vulnerability affects the Jetmonsters Hotel Booking Lite plugin, specifically versions 6.0.3 and earlier.
Risk and Exploitability
The CVSS score of 6.5 indicates a medium severity risk. No EPSS data is available, so the likelihood of exploitation cannot be precisely quantified, and the vulnerability is not listed in KEV. Based on the nature of the flaw, the most likely attack vector is a remote, unauthenticated request to a public page that improperly exposes subscriber data. An attacker can simply browse or construct a request to the plugin’s endpoints to retrieve the exposed information.