Lucene search
WPScanCVE-2023-5651HistoryNov 20, 2023 - 7:15 p.m.
CVE-2023-5651
2023-11-2019:15:09
CWE-732
WPScan
web.nvd.nist.gov
28
cve-2023-5651
wp hotel booking
wordpress
vulnerability
csrf
authorisation
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS
0
Percentile
13.3%
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Affected configurations
Node
thimpresswp_hotel_bookingRange<2.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| thimpress | wp_hotel_booking | * | cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Hotel Booking",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.0.8"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-10-26 00:00:00
wpexploit
wpexploit
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-10-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-11-20 19:15:00
cvelist
cvelist
CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-11-20 18:55:08
nvd
nvd
CVE-2023-5651
2023-11-20 19:15:09
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS
0
Percentile
13.3%
Related for CVE-2023-5651