Lucene search

WPScanCVE-2023-5652

HistoryNov 20, 2023 - 7:15 p.m.

CVE-2023-5652

2023-11-2019:15:10

CWE-89

WPScan

web.nvd.nist.gov

cve-2023-5652

wp hotel booking

wordpress plugin

sql injection

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.4%

JSON

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections

Affected configurations

Nvd

Vulners

Node

thimpresswp_hotel_bookingRange<2.0.8wordpress

VendorProductVersionCPE
thimpresswp_hotel_booking*cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
thimpress	wp_hotel_booking	*	cpe:2.3:a:thimpress:wp_hotel_booking::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Hotel Booking",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.0.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/8ea46b9a-5239-476b-949d-49546371eac1

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.4%

JSON

Related for CVE-2023-5652