4 matches found
CVE-2023-1977
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...
CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...
CVE-2023-1977
Affected software: WordPress Booking Manager plugin. Vulnerable in versions prior to 2.0.29 where the plugin does not validate URLs in the admin panel or shortcodes that fetch events from a remote ICS file. Root cause: inadequate URL validation enables Server-Side Request Forgery (SSRF), allowing...
WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)
Software Booking Manager Type Plugin Vulnerable versions 2.0.29 Fixed in 2.0.29 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-1977 Patch priority High CVSS severity High 6.4 Developer Claim ownership PSID dc7cead73df5 Credits Shreya Pohekar...