Description
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Published: 2026-07-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Hotel Booking Lite plugin allows users to schedule reservations and store personal subscriber information. A flaw in how subscriber details are handled permits unauthorized users to view sensitive data, such as names, contact information, and booking history. This direct exposure of confidential information can lead to privacy violations, identity theft, or fraudulent account use by attackers who gain access without authentication.

Affected Systems

The vulnerability affects the Jetmonsters Hotel Booking Lite plugin, specifically versions 6.0.3 and earlier.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity risk. No EPSS data is available, so the likelihood of exploitation cannot be precisely quantified, and the vulnerability is not listed in KEV. Based on the nature of the flaw, the most likely attack vector is a remote, unauthenticated request to a public page that improperly exposes subscriber data. An attacker can simply browse or construct a request to the plugin’s endpoints to retrieve the exposed information.

Generated by OpenCVE AI on July 2, 2026 at 15:20 UTC.

Remediation

Vendor Solution

Update the WordPress Hotel Booking Lite Plugin to the latest available version (at least 6.0.4).


OpenCVE Recommended Actions

  • Update Hotel Booking Lite to version 6.0.4 or later.
  • Remove any older instances or copies of the plugin from the WordPress installation.
  • Restrict access to subscriber data by configuring the plugin’s settings or adding role‑based access controls to limit who can view personal booking information.

Generated by OpenCVE AI on July 2, 2026 at 15:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Jetmonsters
Jetmonsters hotel Booking Lite
Wordpress
Wordpress wordpress
Vendors & Products Jetmonsters
Jetmonsters hotel Booking Lite
Wordpress
Wordpress wordpress

Thu, 02 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Description Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Title WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Jetmonsters Hotel Booking Lite
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T12:43:26.221Z

Reserved: 2026-06-24T12:45:24.971Z

Link: CVE-2026-57347

cve-icon Vulnrichment

Updated: 2026-07-02T12:43:23.175Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data