What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API (oganro-travel-portal-search-widget-for-hotelbeds-apitude-api) allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Versions 1.0 and earlier of the Oganro Travel Portal Search Widget for HotelBeds APITUDE API are vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in user, performs unwanted actions on the user's behalf through the widget. Exploitation requires user interaction, since the victim must visit the attacker's page, but the attacker does not need to be authenticated.
What an attacker can do
03 Attacker Capabilities
Trick a user into visiting a malicious page that performs unwanted actions through the widget without the user's knowledge.
Potential impact on your site
04 Site Impact
Users of the travel portal widget could have their bookings or account settings modified by attackers without their consent.
Conditions required to exploit
05 Prerequisites
The user must visit an attacker-controlled webpage while logged in, or while they have an active session with the vulnerable widget.
Key dates
06 Disclosure timeline
June 20, 2025: CVE published
April 28, 2026: Record updated