{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68005", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:49.130Z", "datePublished": "2026-02-20T15:46:34.209Z", "dateUpdated": "2026-04-28T16:14:25.848Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "easy-hotel", "product": "Easy Hotel Booking", "vendor": "themewant", "versions": [{"lessThanOrEqual": "1.9.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "daroo | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:25.039Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Easy Hotel Booking: from n/a through <= 1.9.2.</p>"}], "value": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.848Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/easy-hotel/vulnerability/wordpress-easy-hotel-booking-plugin-1-8-0-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Easy Hotel Booking plugin <= 1.9.2 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T21:50:34.274273Z", "id": "CVE-2025-68005", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:26:31.572Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68005", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T21:50:34.274273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:50:51.536Z"}}], "cna": {"title": "WordPress Easy Hotel Booking plugin <= 1.9.2 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "daroo | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "themewant", "product": "Easy Hotel Booking", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.9.2"}], "packageName": "easy-hotel", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:25.039Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/easy-hotel/vulnerability/wordpress-easy-hotel-booking-plugin-1-8-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.2.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Easy Hotel Booking: from n/a through <= 1.9.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.848Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68005", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:14:25.848Z", "dateReserved": "2025-12-15T10:00:49.130Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:34.209Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.2."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en themewant Easy Hotel Booking easy-hotel permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easy Hotel Booking: desde n/a hasta &lt;= 1.8.7."}], "id": "CVE-2025-68005", "lastModified": "2026-04-28T19:35:47.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-02-20T16:22:06.973", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/easy-hotel/vulnerability/wordpress-easy-hotel-booking-plugin-1-8-0-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Easy Hotel Booking", "source": "cna", "vendor": "themewant"}, "product": "easy_hotel_booking", "vendor": "themewant"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-29T00:53:16.319256+00:00", "value": {"mitigation_remediation": ["Upgrade Easy Hotel Booking to a version that contains the fix for CVE-2025-68005 (version 1.9.3 or later).", "Restrict the booking management features by setting WordPress user roles so that only administrators can access booking modification pages, ensuring proper permission checks are enforced. ", "If an immediate upgrade is not possible, deactivate or uninstall the Easy Hotel Booking plugin until a patched release becomes available."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized access to booking management and data"}, "threat_synthesis": {"affected_systems": "All instances of the themewant Easy Hotel Booking WordPress plugin up to and including version 1.9.2 are affected. The issue exists in every build from the initial release until the specified limit, with no safe versions below 1.9.2. Site owners should review their installed plugin version and compare it against the vendor\u2019s changelog for a patched release.", "description_and_impact": "The updated CVE description indicates a missing authorization flaw in the Easy Hotel Booking plugin. This flaw allows a user without proper permissions to bypass the expected access controls and interact with protected booking endpoints. Such unauthorized access can lead to viewing, modifying, or deleting booking data and, potentially, taking over administrative functions, thereby compromising confidentiality, integrity, and availability of the booking system.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity while the EPSS score of less than 1% suggests a very low current exploitation probability. The vulnerability has not been listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector is a remote web-based exploit that does not require elevated privileges; accessing protected booking endpoints without proper authorization would be sufficient to trigger the flaw."}}}}, "created": "2026-02-23T14:45:54.316907+00:00", "updated": "2026-04-29T01:00:11.388857+00:00", "vendors": ["themewant", "themewant$PRODUCT$easy_hotel_booking", "wordpress", "wordpress$PRODUCT$wordpress"]}