PT-2025-1825 · WordPress · Wp Hotel Booking
Thanh Nam Tran · Published 2025-01-17 · Updated 2025-01-17
CVE-2024-12370
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP Hotel Booking plugin for WordPress versions up to and including 2.1.5
Description
The issue allows unauthorized modification of data due to a missing capability check when adding rooms. This makes it possible for unauthenticated attackers to add rooms with custom prices.
Recommendations
If you run version 2.1.5 or earlier, update to a version higher than 2.1.5 to resolve the issue.
As a temporary workaround, consider restricting access to the room addition feature until a patch is available.
Avoid using the custom price feature in the affected plugin until the issue is resolved.
Fix
Improper Access Control
Missing Authorization
Affected Products
Wp Hotel Booking