What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through <= 2.1.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
WP Hotel Booking versions up to 2.1.9 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. An attacker can craft a malicious link or page that, when visited by a logged-in user, triggers unwanted changes to hotel booking settings or data. Exploitation requires user interaction, but the attacker does not need to be authenticated.
What an attacker can do
Perform unauthorized actions on the site by tricking a logged-in user into visiting a malicious page.
Potential impact on your site
Attackers can modify hotel booking settings, create fake bookings, or alter site data without your knowledge or consent.
Conditions required to exploit
A site visitor must click a malicious link or visit an attacker-controlled page while logged into the WordPress site.