CVE-2020-36757

Summary

CVE-2020-36757 is a vulnerability affecting the WP Hotel Booking plugin for WordPress. Versions up to and including 1.10.1 are susceptible to a Cross-Site Request Forgery (CSRF) attack. The issue stems from inadequate nonce validation on the admin_add_order_item() function. As a result, unauthenticated attackers can manipulate site administrators into performing actions such as adding an order item via a malicious link, exploiting this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.