Manipulating Hidden Fields in WpDevArt Booking Calendar
CVE-2023-24373

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Booking Calendar, Appointment Booking System
Vendor: CVE Published:; 3 June 2024

Summary

The vulnerability allows external users to manipulate hidden fields within the WpDevArt Booking Calendar and Appointment Booking System, which can result in unauthorized access or modification of data. This presents a significant risk for applications relying on the integrity of these hidden fields, potentially exposing sensitive information or leading to further exploits.

Affected Version(s)

Booking calendar, Appointment Booking System <= 3.2.3

References

https://patchstack.com/database/vulnerability/booking-cal...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Jan 23, 2023

Credit

yuyudhn (Patchstack Alliance)