Lucene search

[email protected]NVD:CVE-2023-5799

HistoryNov 20, 2023 - 7:15 p.m.

CVE-2023-5799

2023-11-2019:15:10

CWE-863

[email protected]

web.nvd.nist.gov

wp hotel booking

authorisation

vulnerability

plugin

wordpress

role-based access control

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

0.0004 Low

EPSS

Percentile

13.5%

JSON

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them

Affected configurations

NVD

Node

thimpresswp_hotel_bookingRange<2.0.8wordpress

References

wpscan.com/vulnerability/3061f85e-a70e-49e5-bccf-ae9240f51178

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

0.0004 Low

EPSS

Percentile

13.5%

JSON

Related for NVD:CVE-2023-5799

cvelist1 wpvulndb1 cve1 prion1 wpexploit1