Vulnerabilities > CVE-2023-1977 - Unspecified vulnerability in Oplugins Booking Manager

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

oplugins

NVD

Published: 2023-08-16

Updated: 2023-11-07

Summary

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.

Vulnerable Configurations

Part	Description	Count
Application	Oplugins Oplugins Booking Manager *	1

References

https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790