PT-2026-39477 · WordPress · Motopress Hotel Booking Lite
Sanjay Singh
·
Published
2026-05-10
·
Updated
2026-05-10
·
CVE-2022-50948
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Motopress Hotel Booking Lite version 4.2.4
Description
A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts. This occurs when payloads are submitted through the
title and excerpt parameters during the creation of accommodation types. These scripts execute in the browser of visitors who access the accommodations page.Recommendations
As a temporary workaround, restrict the ability of authenticated users to create or edit accommodation types, specifically avoiding the use of the
title and excerpt parameters, until a fix is applied.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Motopress Hotel Booking Lite