WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion
CVE-2023-5799
5.4MEDIUM
Summary
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them
Affected Version(s)
WP Hotel Booking 0 < 2.0.8
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Erwan LR (WPScan)
WPScan