PT-2023-16775 · WordPress · Wp Fevents Book

Ameen Alkurdy

Publicado

2023-04-24

Atualizado

2023-05-02

CVE-2023-1129

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WP FEvents Book WordPress plugin versions 0.46 and earlier

Description The issue allows any authenticated user to book, add notes, or cancel bookings on behalf of other users, as the plugin does not ensure that bookings to be updated belong to the user making the request.

Recommendations For WP FEvents Book WordPress plugin versions 0.46 and earlier, update to a version later than 0.46 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-1129

Produtos afetados

Wp Fevents Book

PT-2023-16775 · WordPress · Wp Fevents Book

CVE-2023-1129

Identificadores relacionados

Produtos afetados

Referências · 6