WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability
CVE-2024-53753

7.1HIGH

Key Information:

Vendor: WordPress
Status: Cultbooking Hotel Booking Engine
Vendor: CVE Published:; 2 December 2024

What is CVE-2024-53753?

A cross-site request forgery (CSRF) vulnerability exists in the CultBooking Hotel Booking Engine that enables attackers to exploit the system. This flaw allows for stored cross-site scripting (XSS) attacks, which can lead to malicious scripts being injected into webpages viewed by users. Attackers can leverage this vulnerability to perform unauthorized actions on behalf of legitimate users, potentially compromising sensitive information or leading to further exploits. The affected versions include all prior to 2.1, emphasizing the importance of immediate remediation for users of this product.

Affected Version(s)

CultBooking Hotel Booking Engine <= 2.1

References

https://patchstack.com/database/wordpress/plugin/cultbook...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

SOPROBRO (Patchstack Alliance)