← volver
CVE-2024-13821

WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation

CVSS 5.3 MEDIUMEPSS 0.4%CWE-285
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
wpdevelop · Booking Calendar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3234469%40booking&new=3234469%40booking&sfp_email=&sfph_mail=#file20https://www.wordfence.com/threat-intel/vulnerabilities/id/8a0b961e-ccc3-4da0-b007-bbafa133a3a8?source=cve