exploitDog

CVE-2022-0920

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data

Ссылки

https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*

Версия до 7.6.3 (исключая)

EPSS

Процентиль: 74%

0.00821

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-9m85-v4hv-p2xv

CVSS3: 7.5

github

почти 4 года назад

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data

EPSS

Процентиль: 74%

0.00821

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863