Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5)

Description

WordPress Plugin Google Adsense and Hotel Booking is prone to an open proxy vulnerability. Exploiting this issue may allow attackers to hide attacks on third parties, or DoS a site if the POST request is pointed back at itself causing a loop. WordPress Plugin Google Adsense and Hotel Booking version 1.0.5 is vulnerable; prior versions are also affected.

Remediation

Disable the plugin until a fix is available

References

http://www.vapidlabs.com/advisory.php?v=151

Related Vulnerabilities

Oracle Application Server CVE-2006-0273 Vulnerability (CVE-2006-0273)

WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-2097)

WordPress Plugin Login as User or Customer Privilege Escalation (3.2)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1734)

Severity

High

Classification

CVE-2015-1000009 CWE-441 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update