WordPress Plugin Vulnerabilities

Hotel Booking Lite < 4.7.0 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
motopress-hotel-booking-lite
Fixed in 4.7.0

References

CVE
CVE-2023-28498

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
1635c457-764f-4c90-a10d-e039497bed01

Timeline

Publicly Published
2023-03-16 (about 3 years ago)
Added
2023-11-13 (about 2 years ago)
Last Updated
2023-11-13 (about 2 years ago)

Other

Published
Title
Published
2024-08-07
Title
Hummingbird < 3.9.2 - Cross-Site Request Forgery
Published
2014-09-08
Title
TinyMCE Advanced < 4.2.3 - Setting Reset Cross-Site Request Forgery (CSRF)
Published
2024-05-29
Title
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment
Published
2023-11-12
Title
ShiftController Employee Shift Scheduling < 4.9.24 - CSRF
Published
2021-06-21
Title
Remove Schema < 1.6 - Cross-Site Request Forgery