The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/a365c050-96ae-4266-aa87-850ee259ee2c | Exploit Third Party Advisory |
Configurations
History
27 Nov 2023, 16:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 19:15
Updated : 2024-10-01 15:35
NVD link : CVE-2023-5651
Mitre link : CVE-2023-5651
CVE.ORG link : CVE-2023-5651
JSON object : View
Products Affected
thimpress
- wp_hotel_booking
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource