CVE-2023-1977 Information

Description

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it’s admin panel or in shortcodes for showing events from a remote .ics file allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.

Reference

https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790