Unrated severityNVD Advisory· Published Nov 20, 2023· Updated Oct 1, 2024
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
CVE-2023-5651
Description
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.0.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/a365c050-96ae-4266-aa87-850ee259ee2cmitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.