Missing Authorization Vulnerability in WP Time Slots Booking Form Allows Exploiting Incorrectly Configured Access Control Security Levels

CVE-2023-23895

4.7MEDIUM

Key Information

Vendor: Codepeople
Status: WP Time Slots Booking Form
Vendor: CVE Published:; 9 December 2024

Summary

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.

Affected Version(s)

WP Time Slots Booking Form <= 1.1.82

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 9, 2024
Vulnerability Reserved.
Jan 19, 2023

Collectors

NVD DatabaseMitre Database

Credit

yuyudhn (Patchstack Alliance)