Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricing_plans', 'block_date', 'manager_bookings', and 'update_field_room' functions for the 'pricing-plans', 'block-date', 'manager-bookings', and 'update-field' REST routes, respectively, in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to expose sensitive information about bookings or modify…Read More