CVE-2022-50948

MEDIUM 6.4

Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting

CVSS Score

6.4

EPSS Score

0.0%

EPSS Percentile

8th

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating accommodation types, which execute in the browser when visitors access the accommodations page.

CWE	CWE-79
Vendor	motopress
Product	motopress hotel booking lite
Published	May 10, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for motopress motopress hotel booking lite

Be the first to know when new medium vulnerabilities affecting motopress motopress hotel booking lite are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

Motopress / Motopress Hotel Booking Lite

4.2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50951 motopress.com: https://motopress.com/ vulncheck.com: https://www.vulncheck.com/advisories/motopress-hotel-booking-lite-stored-cross-site-scripting

Credits

Sanjay Singh