exploitDog

CVE-2023-1129

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.

Ссылки

https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_fevents_book_project:wp_fevents_book:*:*:*:*:*:wordpress:*:*

Версия до 0.46 (включая)

EPSS

Процентиль: 26%

0.00093

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-c29f-jm2c-8vv7

CVSS3: 6.5

github

почти 3 года назад

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.

EPSS

Процентиль: 26%

0.00093

Низкий

6.5 Medium

CVSS3

Дефекты