Bssoftware

**Name of the Vulnerable Software and Affected Versions** Bookr versions up to and including 1.0.2 **Description** The Bookr plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the `update-appointment` API endpoint. Unauthenticated attackers can change the status of any appointment. **Recommendations** Update the Bookr plugin to a version newer than 1.0.2.