WordPress Plugin Vulnerabilities

Online Lesson Booking <= 0.8.6 - CSRF & XSS

Description

The Online Lesson Booking WordPress plugin was affected by a CSRF & XSS security vulnerability.

Affects Plugins

Plugin icon
online-lesson-booking-system
Fixed in 0.8.7

References

CVE
CVE-2019-5972
CVE
CVE-2019-5973
URL
https://jvn.jp/en/jp/JVN96988995/index.html
URL
https://plugins.trac.wordpress.org/changeset/2093173/online-lesson-booking-system

Miscellaneous

Original Researcher
Natsumi Matsuoka of Cryptography Laboratory
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
42513be1-a3aa-4435-9b9b-42808521fcad

Timeline

Publicly Published
2019-06-10 (about 6 years ago)
Added
2019-07-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-06-04
Title
zM Ajax Login & Register 1.0.9 - Local File Inclusion & XSS
Published
2019-02-06
Title
Forminator < 1.6 - Authenticated Multiple Vulnerabilities
Published
2019-10-07
Title
Export Users to CSV < 1.4 - Unauthorised CSV Access
Published
2014-08-01
Title
Multiple vulnerabilities in Chocolate WP theme for WordPress
Published
2014-04-25
Title
iMember360is 3.9.001 - XSS / Disclosure / Code Execution