Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-5991
HistoryDec 26, 2023 - 6:33 p.m.

CVE-2023-5991 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

2023-12-2618:33:14
WPScan
www.cve.org
1
hotel booking lite
wordpress plugin
unauthenticated access

9.8 High

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Hotel Booking Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.8.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

nuclei 1
nvd 1
wpvulndb 1
prion 1
cve 1
wpexploit 1
nuclei
nuclei
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
2024-05-14 10:34:23
nvd
nvd
CVE-2023-5991
2023-12-26 19:15:08
wpvulndb
wpvulndb
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-01 00:00:00
prion
prion
Design/Logic Flaw
2023-12-26 19:15:00
cve
cve
CVE-2023-5991
2023-12-26 19:15:08
wpexploit
wpexploit
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-01 00:00:00

9.8 High

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON
Related for CVELIST:CVE-2023-5991
nuclei1nvd1wpvulndb1prion1cve1wpexploit1