First published: Mon Nov 20 2023(Updated: )
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
|Affected Software||Affected Version||How to fix|
|Thimpress Wp Hotel Booking||<2.0.8|
The severity of CVE-2023-5651 is medium.
CVE-2023-5651 allows any authenticated users, such as subscribers, to delete arbitrary posts in WP Hotel Booking plugin.
Yes, WP Hotel Booking plugin version 2.0.8 is affected by CVE-2023-5651.
An attacker can delete arbitrary posts in WP Hotel Booking plugin using CVE-2023-5651.
To fix CVE-2023-5651, update WP Hotel Booking plugin to a version higher than 2.0.8.