Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-5991
HistoryDec 26, 2023 - 6:33 p.m.

CVE-2023-5991 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

2023-12-2618:33:14
WPScan
www.cve.org
4
hotel booking lite
wordpress plugin
unauthenticated access

AI Score

9.8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Hotel Booking Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.8.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

wpvulndb 1
nvd 1
nuclei 1
wpexploit 1
cve 1
prion 1
wpvulndb
wpvulndb
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-01 00:00:00
nvd
nvd
CVE-2023-5991
2023-12-26 19:15:08
nuclei
nuclei
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
2024-05-14 10:34:23
wpexploit
wpexploit
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-01 00:00:00
cve
cve
CVE-2023-5991
2023-12-26 19:15:08
prion
prion
Design/Logic Flaw
2023-12-26 19:15:00

AI Score

9.8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON
Related for CVELIST:CVE-2023-5991
wpvulndb1nvd1nuclei1wpexploit1cve1prion1