Booking Manager, CVE-2023-1977

CVE, Research URL: CVE-2023-1977
Home page URL: Security reports for Booking Manager
Application: Booking Manager
Published on: Aug 16, 2023
Research Description: The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
Affected versions: max 2.0.29.
Status: vulnerable