Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 4:32 a.m.10 views

CVE-2023-5651

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...

5.4CVSS6.8AI score0.00271EPSS
Exploits2
vulnrichment
vulnrichment
added 2023/11/20 6:55 p.m.11 views

CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...

6.7AI score0.00271EPSS
Exploits2References1
cve
cve
added 2023/11/20 6:55 p.m.57 views

CVE-2023-5651

The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...

5.4CVSS5.5AI score0.00271EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/11/20 6:55 p.m.38 views

CVE-2023-5651 WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts...

5.8AI score0.00271EPSS
Exploits2References1
Rows per page
Query Builder