CVE-2024-12370 | WP Hotel Booking <= 2.1.5 - Missing Authorization
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices.
Conclusion & alert: CVE-2024-12370 is rated Moderate Risk (41/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.35%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2024-12370
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).