WordPress Plugin Vulnerabilities

ND Booking < 2.5 - Unauthenticated Options Change

Description

The Hotel Booking WordPress plugin was affected by an Unauthenticated Options Change security vulnerability.

Affects Plugins

Plugin icon
nd-booking
Fixed in 2.5

References

CVE
CVE-2019-15774
URL
https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-booking-plugin/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
fb211b8b-5c32-40df-b197-bb51fc672b4b

Timeline

Publicly Published
2019-08-05 (about 6 years ago)
Added
2019-08-05 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-12-11
Title
Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation
Published
2023-08-08
Title
Real Estate Manager <= 7.2 - Subscriber+ Privilege Escalation
Published
2024-05-03
Title
EAN for WooCommerce < 4.9.0 - Authenticated (Shop Manager+) Arbitrary Options Update
Published
2016-07-08
Title
Profile Builder < 2.4.1 - Privilege Escalation
Published
2020-03-24
Title
Data Tables Generator By Supsystic < 1.9.92 - Insecure Permissions on AJAX Actions