WordPress Plugin Vulnerabilities

Booking Ultra Pro < 1.1.7 - Multiple CSRF

Description

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions

Affects Plugins

Plugin icon
booking-ultra-pro
Fixed in 1.1.7

References

CVE
CVE-2021-36854

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
19e0a24e-f9d2-48a7-86a9-8bba2a52d9ef

Timeline

Publicly Published
2022-09-28 (about 1 years ago)
Added
2022-10-01 (about 1 years ago)
Last Updated
2023-07-12 (about 10 months ago)

Other

Published
Title
Published
2023-12-27
Title
Easy PayPal Buy Now Button < 1.8.2 - Cross-Site Request Forgery
Published
2024-04-15
Title
BMI Adult & Kid Calculator < 1.2.2 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2021-09-11
Title
WP Statistics < 13.1.2 - Arbitrary Plugin Activation/Deactivation via CSRF
Published
2021-07-16
Title
WordPress Photo Gallery – Image Gallery <= 1.0.6 - Cross-Site Request Forgery
Published
2023-12-27
Title
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Email Update via CSRF