CVE-2021-36854: WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Verified
Not fixed
CVSS 3.1 score: 5.4 (Medium severity)
Report
Monitoring: Not reported to be exploited
Vulnerable versions
<= 1.1.4
PSID
6047983f49fe
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-09-28
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Booking Ultra Pro plugin (versions <= 1.1.4).
Solution
No patched version is available.