WordPress Plugin Vulnerabilities

WP Hotel Booking < 1.10.6 - CSRF

Description

The plugin is lacking CSRF which could allow attackers to a logged in admin perform unwanted actions via a CSRF attack

Affects Plugins

Plugin icon
wp-hotel-booking
Fixed in 1.10.6

References

CVE
CVE-2021-36852

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
b9f1b80f-5dc1-47eb-b5cf-5dc3c3e3172d

Timeline

Publicly Published
2022-08-02 (about 1 years ago)
Added
2022-08-22 (about 1 years ago)
Last Updated
2023-05-13 (about 11 months ago)

Other

Published
Title
Published
2021-04-12
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2023-01-24
Title
Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
Published
2014-08-01
Title
Store Locator < 2.12 - Cross-Site Request Forgery
Published
2021-11-15
Title
Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
Published
2021-08-16
Title
Multiple Plugins - CSRF Bypass