Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Hostel

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Hostel

Information

Software Type	Plugin
Software Slug	hostel (view on wordpress.org)
Software Status	Active
Software Author	prasunsen
Software Website	wp-hostel.com
Software Downloads	20,018
Software Active Installs	60
Software Record Last Updated	April 20, 2025

7 Vulnerabilities

Submit a Vulnerability

Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2025-31102

Mar 28, 2025

Researcher: johska

Hostel <= 1.1.5 - Reflected Cross-Site Scripting

6.1

CVE-2025-30848

Mar 27, 2025

Researcher: Trương Hữu Phúc (truonghuuphuc)

Hostel <= 1.1.5.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-3753

Jun 22, 2024

Researcher: Bob Matyas

hostel <= 1.1.5.3 - Cross-Site Request Forgery

4.3

CVE-2024-4314

May 6, 2024

Researcher: Benedictus Jovan (aillesiM)

Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-0545

May 10, 2023

Researcher: Felipe Restrepo Rodriguez (pfelilpe)

Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings

4.4

CVE-2023-32120

May 4, 2023

Researcher: yuyudhn

Hostel <= 1.1.3 - Stored Cross-Site Scripting

7.2

CVE-2019-12345

May 25, 2019

Researcher: Admavidhya N

Title	Status	CVE ID	CVSS	Researchers	Date
Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting	Patched	CVE-2025-31102	6.1	johska	March 28, 2025
Hostel <= 1.1.5 - Reflected Cross-Site Scripting	Patched	CVE-2025-30848	6.1	Trương Hữu Phúc (truonghuuphuc)	March 27, 2025
Hostel <= 1.1.5.2 - Reflected Cross-Site Scripting	Patched	CVE-2024-3753	6.1	Bob Matyas	June 22, 2024
hostel <= 1.1.5.3 - Cross-Site Request Forgery	Patched	CVE-2024-4314	4.3	Benedictus Jovan (aillesiM)	May 6, 2024
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2023-0545	4.4	Felipe Restrepo Rodriguez (pfelilpe)	May 10, 2023
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings	Patched	CVE-2023-32120	4.4	yuyudhn	May 4, 2023
Hostel <= 1.1.3 - Stored Cross-Site Scripting	Patched	CVE-2019-12345	7.2	Admavidhya N	May 25, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Hostel

Information

7 Vulnerabilities

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting