Rewterz Threat Advisory – CVE-2023-39918 – WordPress Booking Package Plugin Vulnerability

Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs

September 5, 2023

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

September 6, 2023

Rewterz Threat Advisory – CVE-2023-39918 – WordPress Booking Package Plugin Vulnerability

Severity

High

Analysis Summary

CVE-2023-39918

Booking Package Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2023-39918

Affected Vendors

WordPress

Affected Products

Booking Package Plugin for WordPress 1.6.01

Remediation

Upgrade to the latest version of Booking Package Plugin, available from the WordPress Plugin Directory.

WordPress Plugins Directory

Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Rewterz Threat Advisory – CVE-2023-39918 – WordPress Booking Package Plugin Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan