Vulnerability CVE-2023-1977
Published: 2023-08-16

Description:
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.

Type:

CWE-918

 References:
https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790
Copyright 2026, cxsecurity.com

 

Back to Top