Описание
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.15 (исключая)
cpe:2.3:a:syntacticsinc:easync:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 6.5
github
9 месяцев назад
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack
EPSS
Процентиль: 13%
0.00042
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352