5.4
CVE-2023-5651
- EPSS 0.27%
- Veröffentlicht 20.11.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Mögliche Gegenmaßnahme
WP Hotel Booking: Update to version 2.0.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Thimpress ≫ Wp Hotel Booking SwPlatformwordpress Version < 2.0.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Hotel Booking
Version
*-2.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.186 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://wpscan.com/vulnerability/a365c050-96ae-4266-aa87-850ee259ee2c
https://www.wordfence.com/threat-intel/vulnerabilities/id/0439d2ee-7742-4aa7-ba4e-db55c6b2718e