PT-2023-32464 · WordPress · Hotel Booking Lite

Krzysztof Zając · Published 2023-12-26 · Updated 2024-01-02 · CVE-2023-5991

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Hotel Booking Lite WordPress plugin versions prior to 4.8.5

Description: The issue arises from the plugin's failure to validate file paths provided via user input and its lack of proper CSRF and authorisation checks. This allows unauthenticated users to download and delete arbitrary files on the server.

Recommendations: For versions prior to 4.8.5, update to version 4.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation. Additionally, disabling the plugin until an update can be applied may also help mitigate the risk.
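The description above names three missing controls: path validation, a CSRF check and an authorisation check. The following is an added illustration of what a WordPress file-download handler with all three looks like; it is not code from the Hotel Booking Lite plugin or from its 4.8.5 fix, and the hook name, nonce action, capability and base directory are assumptions chosen for the example.

```php
<?php
// Added example, not the plugin's own code. Shows the three controls the
// advisory says were missing: authorisation, CSRF (nonce) and path containment.

/**
 * Resolve $relative against $base_dir and return the absolute path only if it
 * stays inside $base_dir; return false on traversal, symlink escape, or a
 * target that does not exist.
 */
function hbl_example_safe_path( string $base_dir, string $relative ) {
    $base = realpath( $base_dir );
    if ( $base === false ) {
        return false;
    }
    // realpath() collapses "..", "." and symlinks, and returns false when the
    // target does not exist, which is the right answer for a download handler.
    $target = realpath( $base . DIRECTORY_SEPARATOR . $relative );
    if ( $target === false ) {
        return false;
    }
    // Compare against the base with a trailing separator so that
    // "/srv/export" is not satisfied by "/srv/exported-secrets/x".
    $prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( strncmp( $target, $prefix, strlen( $prefix ) ) !== 0 ) {
        return false;
    }
    return $target;
}

/**
 * Hypothetical admin-post handler (hook name, nonce action, capability and
 * directory are assumptions for this example).
 */
function hbl_example_download_handler() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );                    // authorisation check
    }
    check_admin_referer( 'hbl_example_download' );     // CSRF check; dies on failure
    $relative = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
    $path = hbl_example_safe_path( WP_CONTENT_DIR . '/uploads/hbl-example', $relative );
    if ( $path === false ) {
        wp_die( 'Invalid file', 400 );                 // path validation check
    }
    header( 'Content-Type: application/octet-stream' );
    readfile( $path );
    exit;
}
add_action( 'admin_post_hbl_example_download', 'hbl_example_download_handler' );
```

The same containment check applies to a delete handler: the path must be resolved and verified against the allowed base before `unlink()` is called.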

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2023-5991

Affected Products: Hotel Booking Lite