CVE-2018-5673
Description
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in WordPress booking-calendar plugin 2.1.7 allows attackers to perform unauthorized actions via crafted requests to wp-admin/admin.php.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the booking-calendar plugin version 2.1.7 for WordPress. The issue is present in the wp-admin/admin.php endpoint, where insufficient validation allows an attacker to forge requests on behalf of an authenticated administrator [1].
Exploitation
An attacker can craft a malicious link or page that, when visited by an authenticated administrator, triggers an unintended action via the vulnerable endpoint. No special network position is required; the attacker only needs to trick the administrator into following the crafted link or loading the crafted page [1].
Impact
Successful exploitation allows the attacker to perform any action that the administrator can perform, such as modifying plugin settings, deleting data, or creating new users, leading to a complete compromise of the WordPress site's administrative functions [1].
Mitigation
As of the available references, no specific patch or fixed version has been disclosed. Users should monitor the plugin's official repository for updates and consider disabling the plugin until a fix is applied [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.1.7
- Range: = 2.1.7
Patches
No patches discovered yet.
References
- github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md (mitre, x_refsource_MISC)
- wpvulndb.com/vulnerabilities/9012 (mitre, x_refsource_MISC)