CVE-2023-1977 Report - Details, Severity, & Advisories

Twingate Team

Apr 4, 2024

CVE-2023-1977 is a high-severity vulnerability affecting versions of the Booking Manager WordPress plugin before 2.0.29. The flaw allows an attacker with low-level privileges, such as a Subscriber, to perform Server-Side Request Forgery (SSRF) attacks against a site's internal network. Sites running a vulnerable plugin version are at risk and should be updated.

How do I know if I'm affected?

To determine whether you're affected, check whether your site uses the Booking Manager WordPress plugin. If your plugin version is earlier than 2.0.29, you're at risk. Signs of being affected include being able to enter an internal URL into the "Upload .ics file and show events" field in the admin panel, or being able to create a post with a specific shortcode that includes an internal URL. Update your plugin to version 2.0.29 or later to avoid this high-severity vulnerability.
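As a defender's check for the shortcode case described above, the following added example (not code from the plugin or from the original page) scans post content for shortcode attributes whose URL points at an internal address. The page does not name the shortcode, so `example-calendar` and its `url` attribute are placeholder names, and the sample post is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Shortcode tag with quoted attributes; quotes may contain [ ] (IPv6 literals).
ATTR = r"""[\w-]+\s*=\s*(?:"[^"]*"|'[^']*')"""
SHORTCODE_RE = re.compile(r"\[[\w-]+(?:\s+" + ATTR + r")*\s*/?\]")
VALUE_RE = re.compile(r"""=\s*["'](https?://[^"']+)["']""", re.IGNORECASE)
INTERNAL_SUFFIXES = (".localhost", ".local", ".internal")

# Constructed sample; "example-calendar" and "url" are placeholder names.
SAMPLE_POST = """
<p>Upcoming events</p>
[example-calendar url="http://127.0.0.1:8080/feed.ics"]
[example-calendar url="https://calendar.example.com/public.ics"]
[example-calendar url="http://[::1]/feed.ics" title="Team"]
[example-calendar url='http://10.0.0.5/feed.ics']
"""


def is_internal_host(host):
    """True for IP literals outside public space and internal-looking names."""
    host = host.strip("[]").rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost" or host.endswith(INTERNAL_SUFFIXES)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return not ip.is_global


def find_internal_urls(post_content):
    """Return shortcode attribute URLs whose host is an internal address."""
    hits = []
    for tag in SHORTCODE_RE.finditer(post_content):
        for url in VALUE_RE.findall(tag.group(0)):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            if host and is_internal_host(host):
                hits.append(url)
    return hits


if __name__ == "__main__":
    for url in find_internal_urls(SAMPLE_POST):
        print("internal URL in shortcode:", url)
```

This is a static scan: a public-looking hostname that resolves to an internal address is not flagged, so it supplements the update to 2.0.29 rather than replacing it.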

What should I do if I'm affected?

If you're affected by the vulnerability, immediately update your Booking Manager WordPress plugin to version 2.0.29 or later. This will fix the security flaw and protect your site from potential Server Side Request Forgery (SSRF) attacks. Keep your plugins updated to ensure ongoing security.

Is CVE-2023-1977 in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-1977 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The issue affects the Booking Manager WordPress plugin and is classified as a Server-Side Request Forgery (SSRF) vulnerability. It was published on August 16, 2023. There is no specified due date or required action, but updating the plugin to version 2.0.29 or later mitigates the risk.

Weakness enumeration

The CVE-2023-1977 vulnerability involves an SSRF weakness in the Booking Manager plugin, classified under OWASP's A1: Injection category and CWE-918. The issue was fixed in version 2.0.29.

For more details

CVE-2023-1977 is a high-severity vulnerability affecting the Booking Manager WordPress plugin. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.
