What is CVE-2023-5652?

CVE-2023-5652 is a vulnerability in Wp Hotel Booking, classified under CWE-89 SQL INJECTION. Published 2023-11-20.

Is CVE-2023-5652 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wp Hotel Booking

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to…

EPSS: 0.666 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Wp Hotel Booking — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/8ea46b9a-5239-476b-949d-49546371eac1 (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-5652?: CVE-2023-5652 is a vulnerability in Wp Hotel Booking, classified under CWE-89 SQL INJECTION. Published 2023-11-20.
Is CVE-2023-5652 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.