A vulnerability classified as problematic has been found in thimpress WP Hotel Booking Plugin up to 2.3.1. The affected element is an unknown function of the component Booking. This manipulation of the argument check_in_date/check_out_date causes cross site scripting.
This vulnerability appears as CVE-2026-11392. The attack may be initiated remotely. There is no available exploit.