Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.11 views

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.8CVSS7.4AI score0.63711EPSS
Exploits2
NVD
NVD
added 2023/11/20 7:15 p.m.26 views

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.8CVSS0.63711EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/11/20 6:55 p.m.40 views

CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.9AI score0.63711EPSS
Exploits2References1
CVE
CVE
added 2023/11/20 6:55 p.m.85 views

CVE-2023-5652

CVE-2023-5652 affects the WordPress plugin WP Hotel Booking, prior to version 2.0.8. The vulnerability arises from missing authorization and CSRF checks and from insufficient escaping of user input in a SQL statement executed in an admin_init hook, enabling unauthenticated users to perform SQL in...

9.8CVSS9.8AI score0.63711EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder