CVE-2025-8942 | THREATINT

Description

The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests.

PUBLISHED Reserved 2025-08-13 | Published 2025-09-18 | Updated 2025-09-22 | Assigner WPScan

Problem types

CWE-284 Improper Access Control

Product status

Default status

unaffected

Any version before 2.2.3

affected

Credits

WPScan coordinator

References

wpscan.com/...rability/d89bb3b2-40ad-4c4f-9f17-4ccacc0f6e1a/ exploit

wpscan.com/...rability/d89bb3b2-40ad-4c4f-9f17-4ccacc0f6e1a/ exploit vdb-entry technical-description

cve.org (CVE-2025-8942)

nvd.nist.gov (CVE-2025-8942)

Download JSON