Unauthorized Data Access Vulnerability in WP BASE Booking Plugin for WordPress

CVE-2024-12558

What is CVE-2024-12558?

The WP BASE Booking of Appointments, Services and Events plugin for WordPress, specifically in versions up to and including 4.9.2, has been identified with a critical vulnerability that permits unauthorized access to sensitive data. This vulnerability arises from a missing capability check on the 'export_db' function, allowing authenticated attackers with Subscriber-level access or higher to potentially expose critical information stored in the database, including the hashed administrator password. This risk underscores the importance of securing WordPress plugins and ensuring that all software is updated to the latest version to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References