Description
The Bookster WordPress plugin through 1.1.0 allows sensitive parameters to be added when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.1.0
cpe:2.3:a:wpbookster:bookster:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 37%
0.00159
Low
6.5 Medium
CVSS3
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 6.5
github
more than 1 year ago
The Bookster WordPress plugin through 1.1.0 allows sensitive parameters to be added when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.