A vulnerability labeled as critical has been found in WP Hotel Booking Plugin up to 2.3.0 on WordPress. This impacts an unknown function of the component AJAX Handler . Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2026-9822 . The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.