The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thimpress wp hotel booking |