← volver
CVE-2023-1977

Booking Manager < 2.0.29 - Subscriber+ SSRF

EPSS 0.8%
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
Productos afectados
Unknown · Booking Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790