exploitDog

GHSA-vgrm-7j7m-pjmg

Опубликовано: 15 мая 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack

Ссылки

EPSS

Процентиль: 13%

0.00042

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-9450

CVSS3: 6.5

nvd

9 месяцев назад

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack

EPSS

Процентиль: 13%

0.00042

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352