Description
WordPress Plugin Booking is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Booking version 2.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.5 or latest
References
https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-booking-plugin/
https://plugins.svn.wordpress.org/nd-booking/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)
Joomla! Core 3.9.x Cross-Site Request Forgery (3.9.0 - 3.9.19)
WordPress Plugin Logo Slider and Showcase Security Bypass (1.3.36)
WordPress Plugin Sliding Recent Posts Cross-Site Request Forgery (1.0)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4998)