CVE-2023-5799: 
WordPress vulnerability analysis and mitigation

The WP Hotel Booking WordPress plugin before version 2.0.8 contains a vulnerability identified as CVE-2023-5799. This security flaw stems from improper authorization controls when deleting packages, which allows users with Contributor-level permissions and above to delete posts that do not belong to them. The vulnerability was discovered and publicly disclosed on October 26, 2023 (WPScan Advisory).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) and falls under the OWASP Top 10 category A5: Broken Access Control. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (NVD).

When exploited, this vulnerability allows authenticated users with Contributor-level access or higher to delete posts created by other users, including administrators. This unauthorized deletion capability could lead to content loss and potential disruption of the website's functionality (WPScan Advisory).

The vulnerability has been patched in version 2.0.9 of the WP Hotel Booking plugin. Site administrators are strongly advised to update to this version or later to protect against unauthorized post deletions (WPScan Advisory).