2 matches found
CVE-2023-5799 WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them...
CVE-2023-5799
WP Hotel Booking WordPress plugin prior to 2.0.8 is affected by an authorization flaw in package deletion, allowing Contributor and above roles to delete posts that do not belong to them. The issue originates from insufficient access checks on the deletion operation and is documented across multi...