Missing Authorization Vulnerability in WP Time Slots Booking Form Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-23895
7.2HIGH
Summary
A missing authorization vulnerability exists in CodePeople's WP Time Slots Booking Form, which could be exploited due to incorrectly configured access control security levels. This vulnerability primarily affects versions from n/a up to 1.1.82. Attackers could leverage this flaw to gain unauthorized access to sensitive functionalities of the plugin, compromising the security of user data and site integrity.
Affected Version(s)
WP Time Slots Booking Form <= 1.1.82
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
yuyudhn (Patchstack Alliance)