Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure
CVE-2022-0709

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Booking Package – Appointment Booking Calendar System
Vendor
CVE Published:
4 April 2022

What is CVE-2022-0709?

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Booking Package – Appointment Booking Calendar System 1.5.29

References

https://wpscan.com/vulnerability/3cd1d8d2-d2a4-45a9-9b5f-...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

huli of Cymetrics
JSON
.