The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.
References
Link | Resource |
---|---|
https://appcheck-ng.com/cve-2020-29047/ | Exploit Third Party Advisory |
https://wordpress.org/plugins/wp-hotel-booking/#developers | Product Third Party Advisory |
Configurations
History
10 Mar 2021, 13:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://appcheck-ng.com/cve-2020-29047/ - Exploit, Third Party Advisory | |
References | (MISC) https://wordpress.org/plugins/wp-hotel-booking/#developers - Product, Third Party Advisory | |
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
03 Mar 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-03 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-29047
Mitre link : CVE-2020-29047
CVE.ORG link : CVE-2020-29047
JSON object : View
Products Affected
thimpress
- wp_hotel_booking
CWE
CWE-502
Deserialization of Untrusted Data