ThreatPress

WordPress Vulnerabilities Database

WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability

Product
WP Booking System
Description
A CSRF vulnerability leading to authenticated SQL injection is possible in WordPress WP Booking System (versions <= 1.5.1.1). Found by Magnus K. Stubman.
Solution
Update the WordPress WP Booking System to the latest available version (at least 1.5.2).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name: CVE-2019-12239
Versions
Affected In: <= 1.5.1.1
Fixed In: 1.5.2
Disclosure date
2019-05-22
Credits
Magnus K. Stubman
Submitter
ThreatPress