PT-2025-21543 · Unknown · Free Booking Plugin

Published: 2025-05-15 · Updated: 2025-05-16 · CVE-2024-9450

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Free Booking Plugin for Hotels, Restaurants and Car Rentals versions prior to 1.3.15
Description: The plugin does not perform a CSRF check when updating settings, which could allow attackers to make a logged-in subscriber change them via a CSRF attack, without the subscriber's knowledge or consent.
Recommendations: For versions prior to 1.3.15, update to version 1.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings update functionality to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: CSRF

Related Identifiers: CVE-2024-9450

Affected Products: Free Booking Plugin