We’re Open! by Design Extreme

We’re Open! by Design Extreme <= 1.45 - Subscriber+ Arbitrary Special Opening Hour Deletion

LANACOMMONVDB ID: b3ca22bc-6159-43ff-b083-2fec9ed6a6d4

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting a special opening hour, which could allow any authenticated users, such as subscriber to delete arbitrary special opening hour.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/opening-hours/

CVE: CVE-2023-25067

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-06

Published: 2023-02-02

Affected Version: <= 1.45

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).