CVE Published: 20/11/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: WPScan |
Vendor: Unknown |
Product: WP Hotel Booking Status : PUBLISHED
CVE-2023-5652 Description
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections