CVE-2023-5651

Published: 2023-11-20T19:15Z

Last Modified: 2024-11-21T08:42Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts > MITRE Terms of Use apply – see LICENSE‑MITRE.txt