Lucene search
HistoryNov 20, 2023 - 7:15 p.m.
CVE-2023-5651
wordpress
hotel booking
authorization
csrf
package deletion
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS
0
Percentile
13.3%
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Affected configurations
Node
thimpresswp_hotel_bookingRange<2.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| thimpress | wp_hotel_booking | * | cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-10-26 00:00:00
wpexploit
wpexploit
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-10-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-11-20 19:15:00
cvelist
cvelist
CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
2023-11-20 18:55:08
cve
cve
CVE-2023-5651
2023-11-20 19:15:09
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS
0
Percentile
13.3%
Related for NVD:CVE-2023-5651