Hostel

hostel

Vendor: Kibokolabs • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-6236 1Kibokolabs 1Hostel Jul 11, 2025 Jul 10, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h...Show more The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-6234 1Kibokolabs 1Hostel Jul 11, 2025 Jul 10, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...Show more The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-3753 1Kibokolabs 1Hostel May 13, 2025 Jul 13, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...Show more The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-0545 1Kibokolabs 1Hostel Jan 8, 2025 Jun 5, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h...Show more The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2019-12345 1Kibokolabs 1Hostel Nov 21, 2024 May 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.