Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-5652
HistoryNov 20, 2023 - 7:15 p.m.

CVE-2023-5652

2023-11-2019:15:10
CWE-89
[email protected]
web.nvd.nist.gov
7
cve-2023-5652
wordpress
sql injection
csrf
unauthenticated users

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.4%

JSON

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections

Affected configurations

Nvd
Node
thimpresswp_hotel_bookingRange<2.0.8wordpress
VendorProductVersionCPE
thimpresswp_hotel_booking*cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*

Related

cve 1
wpexploit 1
wpvulndb 1
cvelist 1
prion 1
cve
cve
CVE-2023-5652
2023-11-20 19:15:10
wpexploit
wpexploit
WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
2023-10-26 00:00:00
wpvulndb
wpvulndb
WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
2023-10-26 00:00:00
cvelist
cvelist
CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
2023-11-20 18:55:06
prion
prion
Sql injection
2023-11-20 19:15:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.4%

JSON
Related for NVD:CVE-2023-5652
cve1wpexploit1wpvulndb1cvelist1prion1