exploitDog

CVE-2024-0856

Опубликовано: 20 мар. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.

Ссылки

https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*

Версия до 1.3.83 (исключая)

EPSS

Процентиль: 43%

0.00209

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-27hg-5398-wvrh

CVSS3: 8.8

github

почти 2 года назад

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.

EPSS

Процентиль: 43%

0.00209

Низкий

8.8 High

CVSS3

Дефекты

CWE-352