WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability
CVE-2023-32601

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Booking Ultra Pro
Vendor: CVE Published:; 13 December 2024

Summary

A vulnerability in the Booking Ultra Pro plugin has been identified due to missing authorization features, enabling attackers to exploit incorrectly configured access control security levels. This flaw impacts multiple versions of the plugin, allowing unauthorized users to gain access to restricted areas or functionalities. Users are advised to review their access controls and update to the latest version to mitigate this issue.

Affected Version(s)

Booking Ultra Pro <= 1.1.12

References

https://patchstack.com/database/wordpress/plugin/booking-...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
May 10, 2023

Credit

Badromance 1337 (Patchstack Alliance)