4 matches found
CVE-2023-5652
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...
CVE-2023-5652
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...
CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...
CVE-2023-5652
CVE-2023-5652 affects the WordPress plugin WP Hotel Booking, prior to version 2.0.8. The vulnerability arises from missing authorization and CSRF checks and from insufficient escaping of user input in a SQL statement executed in an admin_init hook, enabling unauthenticated users to perform SQL in...