Tourfic Plugin Vulnerable to Cross-Site Request Forgery
CVE-2024-8319
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 30 August 2024
What is CVE-2024-8319?
The Tourfic plugin for WordPress has a vulnerability that exposes the system to Cross-Site Request Forgery (CSRF) attacks. This issue arises from an absence or faulty implementation of nonce validation across multiple functions, including those that manage order status, visitor details, and check-in/out operations. As a consequence, unauthenticated attackers may exploit this vulnerability to forge requests, thereby executing actions that should require authentication. This includes the ability to resend order status emails, alter visitor or order information, edit check-in and check-out data, change order statuses, perform bulk updates, and delete specific data fields. The flaw underscores the importance of proper nonce validation to ensure that actions are performed by legitimate users.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Tourfic β Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking * <= 2.11.20
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved