Headline
CVE-2021-36852: WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.
Verified
Not fixed
4.3
CVSS 3.1 score Medium severity
Monitoring Coming soon
Find out about vulnerable plugins in your websites for free.
Scan your website
Software
WP Hotel Booking
Type
Plugin
Vulnerable versions
<= 1.10.5
Fixed in
N/A
PSID
0a7f6ee8db85
CVE ID
CVE-2021-36852
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Credits
Ngo Van Thien (Alliance project)
Publicly disclosed
2022-08-02
Details
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress WP Hotel Booking plugin (versions <= 1.10.5).
Solution
No patched version is available.
References