CVE-2025-49966

{"id": "CVE-2025-49966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-06-20T15:15:21.430", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/oganro-travel-portal-search-widget-for-hotelbeds-apitude-api/vulnerability/wordpress-oganro-travel-portal-search-widget-for-hotelbeds-apitude-api-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API permite Cross-Site Request Forgery. Este problema afecta al widget de b\u00fasqueda del portal de viajes Oganro para la API APITUDE de HotelBeds: desde n/d hasta la versi\u00f3n 1.0."}], "lastModified": "2025-06-23T20:16:40.143", "sourceIdentifier": "audit@patchstack.com"}