WordPress Plugin Vulnerabilities

Accommodation System <= 1.0.1 - Subscriber+ Unauthorised Actions

Description

The plugin does not have authorisation in various actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions

Affects Plugins

Plugin icon
accommodation-system
No known fix

References

CVE
CVE-2022-37344

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
61351d03-a3cc-49f5-97fb-3eed315dc418

Timeline

Publicly Published
2022-08-25 (about 3 years ago)
Added
2022-09-07 (about 3 years ago)
Last Updated
2022-09-07 (about 3 years ago)

Other

Published
Title
Published
2025-01-16
Title
Loginplus <= 1.2 - Missing Authorization
Published
2023-11-13
Title
BetterDocs < 2.5.3 - Missing Authorization via AJAX actions
Published
2023-12-26
Title
Product Filter by WBW < 2.5.1 - Subscriber+ Table Data Access
Published
2025-04-01
Title
Theater for WordPress < 0.18.8 - Missing Authorization
Published
2025-12-21
Title
Virusdie < 1.1.7 - Missing Authorization