Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-5652
HistoryNov 20, 2023 - 6:55 p.m.

CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

2023-11-2018:55:06
WPScan
www.cve.org
3
cve-2023-5652
wp hotel booking
unauthenticated
sqli
sql injections
wordpress plugin
security vulnerability
admin_init

EPSS

0.001

Percentile

51.4%

JSON

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Hotel Booking",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.0.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
wpexploit 1
wpvulndb 1
prion 1
nvd 1
cve
cve
CVE-2023-5652
2023-11-20 19:15:10
wpexploit
wpexploit
WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
2023-10-26 00:00:00
wpvulndb
wpvulndb
WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
2023-10-26 00:00:00
prion
prion
Sql injection
2023-11-20 19:15:00
nvd
nvd
CVE-2023-5652
2023-11-20 19:15:10

EPSS

0.001

Percentile

51.4%

JSON
Related for CVELIST:CVE-2023-5652
cve1wpexploit1wpvulndb1prion1nvd1