cvebase
CVE-2023-5652
published 2023-11-20


Priority: P2 (79) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 63.71% (99.1st percentile)
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
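As an added illustration (not code from WP Hotel Booking or from the page's sources), here are the three missing controls the description names, authorisation, a CSRF check, and escaping or binding of the input, shown first in a handler of the vulnerable shape and then in a hardened version. The callback names, the hb_example_action and room_id parameters and the hb_rooms table are hypothetical. The reason the vulnerable shape is reachable by anyone is WordPress core behaviour: admin_init fires for unauthenticated requests to wp-admin/admin-ajax.php and wp-admin/admin-post.php, so a callback hooked there that acts on request parameters runs for every visitor.

```php
<?php
// Added example, not code from WP Hotel Booking. Callback names, the
// hb_example_action / room_id parameters and the hb_rooms table are
// hypothetical. This is a WordPress plugin fragment and runs inside WordPress.

// Vulnerable shape: runs on every admin_init (including unauthenticated hits
// to admin-ajax.php and admin-post.php), trusts $_GET, and interpolates the
// value straight into SQL.
function hb_example_vulnerable_handler() {
    global $wpdb;
    if ( ! isset( $_GET['hb_example_action'], $_GET['room_id'] )
        || $_GET['hb_example_action'] !== 'reset_room' ) {
        return;
    }
    // No capability check, no nonce, no escaping or binding:
    // room_id=1 OR 1=1 (or a UNION) reaches the database verbatim.
    $sql = "UPDATE {$wpdb->prefix}hb_rooms SET status = 'available' WHERE id = " . $_GET['room_id'];
    $wpdb->query( $sql );
}
add_action( 'admin_init', 'hb_example_vulnerable_handler' );

// Hardened shape: authorisation, CSRF protection, type coercion and a
// prepared statement. It is registered on admin_post_{action} rather than on
// bare admin_init, so it only runs when that action is explicitly requested.
function hb_example_hardened_handler() {
    global $wpdb;

    // 1. Authorisation: only users allowed to manage the plugin get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. CSRF: the request must carry a nonce minted for this action
    //    (check_admin_referer() dies with an error page if it does not).
    check_admin_referer( 'hb_example_reset_room' );

    // 3. Input validation: coerce to a positive integer before it goes
    //    anywhere near SQL.
    $room_id = isset( $_POST['room_id'] ) ? absint( $_POST['room_id'] ) : 0;
    if ( 0 === $room_id ) {
        wp_die( 'Invalid room id', 'Bad Request', array( 'response' => 400 ) );
    }

    // 4. Parameterised query: $wpdb->prepare() binds the value instead of
    //    interpolating it, so the SQL structure cannot be changed by input.
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->prefix}hb_rooms SET status = 'available' WHERE id = %d",
        $room_id
    ) );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
// admin_post_{action} fires only for logged-in requests. The matching
// admin_post_nopriv_{action} hook is deliberately not registered, so an
// anonymous request to admin-post.php never reaches the handler.
add_action( 'admin_post_hb_example_reset_room', 'hb_example_hardened_handler' );

// The admin form that triggers it must embed the matching nonce, e.g.
//   wp_nonce_field( 'hb_example_reset_room' );
// together with a hidden field  action=hb_example_reset_room.
```

The decisive difference is not the prepared statement alone: even with binding, a callback on bare admin_init that changes state on behalf of whoever sends the request is still an unauthenticated, CSRF-able action. The capability check and nonce close that; $wpdb->prepare() closes the injection.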

Affected

1 range

Vendor      Product            Version range   Fixed in
thimpress   wp_hotel_booking   < 2.0.8         2.0.8

Detection & IOCs (extracted from sources)

version: WP Hotel Booking < 2.0.8
sigma
title: WP Hotel Booking SQLi CVE-2023-5652
id: <UNKNOWN>
description: Detects unauthenticated SQL injection attempts against the WP Hotel Booking plugin via a function hooked to admin_init
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2023-5652
logsource:
  category: webserver
detection:
  selection:
    body|re: '^0$'
    status_code: 400
    content_type|contains: 'text/html'
  condition: selection

Notes from the sources:
  • The vulnerable function is hooked to admin_init, which WordPress fires for unauthenticated requests to wp-admin/admin-ajax.php and wp-admin/admin-post.php; monitor requests to those endpoints for SQL injection payloads.
  • No authentication or CSRF token is required, so unauthenticated GET and POST requests to the plugin's admin_init-hooked code paths are the traffic to watch.
  • The Nuclei template's matcher combines a response body that is exactly '0', HTTP status 400 and a text/html content type as the indicator of a successful probe response. Caveat: admin-ajax.php returns exactly that response ('0' with status 400) for any request whose action parameter is missing or has no registered handler, so a match shows that the request reached admin-ajax.php and fell through (and therefore that admin_init ran), not by itself that the injection succeeded. Pair it with the version check and with request-side inspection.
  • The Nuclei template digest can be used to verify template integrity and to identify the specific exploit template in use.
  • Only WP Hotel Booking versions before 2.0.8 are affected; the fix is in 2.0.8.
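Request-side detection, as an added example that is not from the page's sources or from the plugin: a stand-alone PHP script that scans access-log lines for requests to the two endpoints that fire admin_init without a login (admin-ajax.php and admin-post.php) whose query parameters look like SQL injection. The log lines, parameter names, payloads and indicator patterns are my own constructions, and the scanner is generic to any admin_init-hooked plugin rather than specific to WP Hotel Booking. Run it with the php CLI.

```php
<?php
// Added example for this page; not the plugin's code and not a rule from the
// page's sources. The endpoint list reflects WordPress core behaviour; the
// indicator patterns, log lines, parameter names and payloads are constructed.

// Endpoints that run admin_init for unauthenticated requests. Ordinary
// /wp-admin/*.php pages call auth_redirect() before admin_init, so they are
// deliberately not included.
const ADMIN_INIT_ENDPOINTS = '#^/wp-admin/(admin-ajax|admin-post)\.php$#';

// Deliberately narrow SQL-injection indicators, applied to URL-decoded values.
const SQLI_PATTERNS = [
    'tautology'    => '/\b(or|and)\b\s+[\'"]?\w+[\'"]?\s*=\s*[\'"]?\w+/i',
    'union_select' => '/\bunion\b(\s+all)?\s+select\b/i',
    'comment_tail' => '/(--|#|\/\*)\s*$/',
    'time_based'   => '/\b(sleep|benchmark|pg_sleep|waitfor)\s*\(/i',
    'stacked'      => '/;\s*(drop|insert|update|delete)\b/i',
];

// Parse one Combined Log Format line; returns null for lines that do not match.
function parse_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $url = parse_url($m[4]);
    parse_str($url['query'] ?? '', $params);   // parse_str also URL-decodes
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $url['path'] ?? '',
        'params' => $params,
        'status' => (int) $m[5],
        'ua'     => $m[6],
    ];
}

// One finding per (request, parameter, indicator) for requests that hit an
// admin_init endpoint with a suspicious parameter value.
function scan_log(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parse_line($line);
        if ($req === null || !preg_match(ADMIN_INIT_ENDPOINTS, $req['path'])) {
            continue;
        }
        foreach ($req['params'] as $name => $value) {
            if (!is_string($value)) {
                continue;                       // skip array-style parameters
            }
            foreach (SQLI_PATTERNS as $label => $pattern) {
                if (preg_match($pattern, $value)) {
                    $findings[] = [
                        'ip'        => $req['ip'],
                        'time'      => $req['time'],
                        'method'    => $req['method'],
                        'path'      => $req['path'],
                        'param'     => $name,
                        'indicator' => $label,
                        'value'     => $value,
                        'status'    => $req['status'],
                        'ua'        => $req['ua'],
                    ];
                }
            }
        }
    }
    return $findings;
}

// Constructed sample: two probes against admin_init endpoints, one benign
// heartbeat, and one injection attempt against the front-end search, which is
// ignored here because that request never reaches admin_init.
$sample_log = <<<'LOG'
203.0.113.7 - - [20/Nov/2023:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=hb_example&room_id=1%20OR%201%3D1 HTTP/1.1" 400 1 "-" "curl/8.1.0"
203.0.113.7 - - [20/Nov/2023:10:01:05 +0000] "POST /wp-admin/admin-post.php?room_id=1%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users-- HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [20/Nov/2023:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 49 "https://example.org/wp-admin/" "Mozilla/5.0"
198.51.100.4 - - [20/Nov/2023:10:03:40 +0000] "GET /?s=1%20OR%201%3D1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
LOG;

foreach (scan_log($sample_log) as $f) {
    printf("%s %s %s %s param=%s indicator=%s value=%s status=%d ua=%s\n",
        $f['time'], $f['ip'], $f['method'], $f['path'], $f['param'],
        $f['indicator'], $f['value'], $f['status'], $f['ua']);
}
```

On the sample the first line yields a tautology finding and the second yields union_select and comment_tail findings; the heartbeat and the front-end search produce nothing. Two limits worth knowing: an ordinary access log does not record POST bodies, which is why the second sample carries its payload in the query string, so seeing body parameters requires a WAF or request-body log; and access logs do not show whether a session cookie was present, so "unauthenticated" has to be inferred from the endpoint, not proven from the line. The response-side Nuclei matcher described above identifies probe responses; this scanner looks at the request, and the two are complementary.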