Описание
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.8 (исключая)
cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
EPSS
Процентиль: 12%
0.00041
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-732