Vulnerabilities > CVE-2023-5799 - Incorrect Authorization vulnerability in Thimpress WP Hotel Booking

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
LOW
network
low complexity
thimpress
CWE-863
NVD
Published: 2023-11-20
Updated: 2023-11-27

Summary

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them

Vulnerable Configurations

Part Description Count
Application
Thimpress
98

Common Weakness Enumeration (CWE)

References