WordPress Plugin: Booking Ultra Pro
The WordPress plugin Booking Ultra Pro is prone to a Cross-Site Request Forgery (CSRF) vulnerability. This may allow hackers to execute malicious requests against targeted users. If a user is logged into another site, it may be possible to execute commands against their account. This may lead to the takeover of the site and the exposure of sensitive information. The plugin is vulnerable to Cross-Site Scripting (XSS) via CSRF: the PoC exploit code injects XSS via CSRF. Reflected XSS via CSRF can lead to serious security vulnerabilities in WordPress.
Timeline
Published on: 09/30/2022 17:15:00 UTC
Last modified on: 10/04/2022 13:02:00 UTC
References
- https://wordpress.org/plugins/booking-ultra-pro/
- https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-4-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36855