WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Booking System <= 1.5.1.1 - CSRF to Authenticated SQL Injection

Description

According to the original researcher, no CSRF nonces were present and therefore could be exploited by chaining with the CSRF issue.

Affects Plugins

wp-booking-system
Fixed in version 1.5.2

References

CVE
CVE-2019-12239
URL
http://dumpco.re/bugs/wp-plugin-wp-booking-system-sqli
URL
https://plugins.trac.wordpress.org/changeset/2082212/wp-booking-system

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Magnus K. Stubman

Submitter

Ryan Dewhurst

Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
2579ff89-0155-453e-b9d1-bbd27cb43c18

Timeline

Publicly Published

2019-05-22 (about 3 years ago)

Added

2019-05-22 (about 3 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin