Lucene search
K

4 matches found

NVD
NVD
added 2023/08/16 12:15 p.m.19 views

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...

8.8CVSS8.6AI score0.00823EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/16 11:3 a.m.18 views

CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...

7.1AI score0.00823EPSS
Exploits2References1
CVE
CVE
added 2023/08/16 11:3 a.m.65 views

CVE-2023-1977

Affected software: WordPress Booking Manager plugin. Vulnerable in versions prior to 2.0.29 where the plugin does not validate URLs in the admin panel or shortcodes that fetch events from a remote ICS file. Root cause: inadequate URL validation enables Server-Side Request Forgery (SSRF), allowing...

8.8CVSS8.7AI score0.00823EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/05/05 12:0 a.m.12 views

WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)

Software Booking Manager Type Plugin Vulnerable versions 2.0.29 Fixed in 2.0.29 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-1977 Patch priority High CVSS severity High 6.4 Developer Claim ownership PSID dc7cead73df5 Credits Shreya Pohekar...

8.8CVSS6.5AI score0.00823EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder