Wiz
Vulnerability DatabaseCVE-2023-1977

CVE-2023-1977
WordPress vulnerability analysis and mitigation

Overview

CVE-2023-1977 affects the Booking Manager WordPress plugin versions prior to 2.0.29. The vulnerability is identified as a Server-Side Request Forgery (SSRF) issue that affects users with privileges as low as Subscriber level. The vulnerability was discovered and disclosed in 2023, impacting WordPress installations using the affected plugin versions (WPScan).

Technical details

The vulnerability stems from improper URL validation in the plugin's admin panel and shortcodes functionality when handling remote .ics file events. The issue specifically occurs in the URL input validation for showing events from remote .ics files. The vulnerability has been assigned a CVSS score indicating moderate severity (Wordfence).

Impact

The vulnerability allows attackers with Subscriber-level privileges or higher to perform Server-Side Request Forgery (SSRF) attacks against the site's internal network. This could potentially lead to unauthorized access to internal resources and information disclosure (WPScan).

Mitigation and workarounds

The recommended mitigation is to update the Booking Manager plugin to version 2.0.29 or later, which contains the fix for this vulnerability (WPScan).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo