The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thimpress wp hotel booking |