The Booking Manager WordPress plugin prior to 2.0.29 does not validate URLs entered in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network.
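The missing check described above, sketched as an added example using WordPress core's URL validation; this is not the plugin's code or its 2.0.29 fix, and the function name `example_fetch_ics_feed`, the shortcode `example_ics_events` and the error codes are hypothetical.

```php
<?php
// Added example with hypothetical names; not the Booking Manager plugin's code.

// Fetch a remote .ics feed only if the URL passes WordPress's own SSRF checks.
// $raw_url comes from a shortcode attribute or a settings field.
function example_fetch_ics_feed( $raw_url ) {
    $url = esc_url_raw( trim( (string) $raw_url ), array( 'http', 'https' ) );

    // wp_http_validate_url() returns false for non-HTTP(S) schemes, URLs that
    // embed credentials, and hosts resolving to loopback or RFC 1918 ranges.
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        return new WP_Error( 'example_ics_bad_url', 'Feed URL rejected.' );
    }

    // wp_safe_remote_get() sets reject_unsafe_urls, so the same validation is
    // applied to the request and to each redirect it follows.
    $response = wp_safe_remote_get( $url, array(
        'timeout'             => 5,
        'redirection'         => 2,
        'limit_response_size' => 1048576, // 1 MiB cap on the downloaded body
    ) );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'example_ics_http', 'Feed returned a non-200 status.' );
    }

    // Accept only iCalendar content, so a response from some other service is
    // never rendered back into the page.
    $body = wp_remote_retrieve_body( $response );
    if ( 0 !== strpos( ltrim( $body ), 'BEGIN:VCALENDAR' ) ) {
        return new WP_Error( 'example_ics_format', 'Response is not an iCalendar file.' );
    }
    return $body;
}

// Hypothetical shortcode: [example_ics_events url="https://calendar.example/feed.ics"]
add_shortcode( 'example_ics_events', function ( $atts ) {
    $atts = shortcode_atts( array( 'url' => '' ), $atts );
    $ics  = example_fetch_ics_feed( $atts['url'] );
    if ( is_wp_error( $ics ) ) {
        return ''; // Fail closed; show no error or response detail to the visitor.
    }
    return '<pre>' . esc_html( $ics ) . '</pre>';
} );
```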
Vulnerable Product |
---|
oplugins booking manager |