VYPR
Unrated severityNVD Advisory· Published Nov 20, 2023· Updated Aug 2, 2024

WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

CVE-2023-5652

Description

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.