Severity
Medium
Analysis Summary
CVE-2025-49965 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0.
CVE-2025-49966 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-49965
CVE-2025-49966
Affected Vendors
- WordPress
Affected Products
- Oganro PixelBeds Channel Manager
- Hotel Booking Engine
- Oganro Travel Portal Search Widget
Remediation
Update the WordPress plugin to the latest available version.