CVE-2023-5651 Information

Description

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks as well as does not ensure that the package to be deleted is a package allowing any authenticated users such as subscriber to delete arbitrary posts

Reference

https://wpscan.com/vulnerability/a365c050-96ae-4266-aa87-850ee259ee2c