cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12032,https://securityvulnerability.io/vulnerability/CVE-2024-12032,SQL Injection Vulnerability in Tourfic WordPress Plugin for Hotel Booking,"The Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin, specifically the WooCommerce Booking variant, is susceptible to SQL Injection through the 'enquiry_id' parameter within the 'tf_enquiry_reply_email_callback' function. This vulnerability arises from inadequate escaping of user input and insufficient preparation in the SQL query, allowing attackers with Subscriber-level or higher access to inject their own SQL commands. As a result, they can potentially append additional queries to the original SQL command, leading to unauthorized access to sensitive information stored in the database. This poses a serious risk and highlights the need for secure coding practices and proper validation of user inputs in web applications.",Wordpress,"Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking",6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-12-25T03:21:31.009Z,0
CVE-2024-8319,https://securityvulnerability.io/vulnerability/CVE-2024-8319,Tourfic Plugin Vulnerable to Cross-Site Request Forgery,"The Tourfic plugin for WordPress has a vulnerability that exposes the system to Cross-Site Request Forgery (CSRF) attacks. This issue arises from an absence or faulty implementation of nonce validation across multiple functions, including those that manage order status, visitor details, and check-in/out operations. As a consequence, unauthenticated attackers may exploit this vulnerability to forge requests, thereby executing actions that should require authentication. This includes the ability to resend order status emails, alter visitor or order information, edit check-in and check-out data, change order statuses, perform bulk updates, and delete specific data fields. The flaw underscores the importance of proper nonce validation to ensure that actions are performed by legitimate users.",Wordpress,"Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-30T07:33:09.622Z,0