First published: Mon Nov 20 2023(Updated: )
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Thimpress Wp Hotel Booking | <2.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-5799.
The title of this vulnerability is 'WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion'.
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them.
The severity of this vulnerability is medium with a CVSS score of 5.4.
To fix this vulnerability, update the WP Hotel Booking plugin to version 2.0.9 or higher.