Описание
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
Ссылки
EPSS
Процентиль: 30%
0.00108
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
7 месяцев назад
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
EPSS
Процентиль: 30%
0.00108
Низкий
7.5 High
CVSS3
Дефекты
CWE-862