4 matches found
CVE-2023-5651
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...
CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...
CVE-2023-5651
The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...
CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...