WpDevArt Booking Calendar Vulnerable to Missing Authorization
CVE-2023-24407

5MEDIUM

Key Information:

Vendor: WPdevart
Status: Booking Calendar, Appointment Booking System
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability exists in the WpDevArt Booking Calendar and Appointment Booking System, allowing attackers to exploit incorrectly configured access control levels. This misconfiguration grants unauthorized access to sensitive components of the system, potentially leading to data exposure or manipulation. The issue affects all versions up to 3.2.3, making timely updates essential for maintaining security.

Affected Version(s)

Booking calendar, Appointment Booking System <= 3.2.3

References

https://patchstack.com/database/wordpress/plugin/booking-...

vdb-entry

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Jan 23, 2023

Credit

yuyudhn (Patchstack Alliance)