CVE-2024-4413

Name of the Vulnerable Software and Affected Versions Hotel Booking Lite plugin for WordPress versions up to and including 4.11.1

Description The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input. Although no known POP chain is present in the vulnerable plugin, the presence of one via an additional plugin or theme could enable attackers to delete arbitrary files, retrieve sensitive data, or execute code.

Recommendations For Hotel Booking Lite plugin for WordPress versions up to and including 4.11.1, update to a version higher than 4.11.1 to resolve the issue. As a temporary workaround, consider restricting access to untrusted input to minimize the risk of exploitation.