PT-2025-48811 · WordPress · Fluent Booking
Publicado
2025-12-03
·
Atualizado
2025-12-03
·
CVE-2025-13756
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fluent Booking plugin for WordPress versions up to and including 1.9.11
Description
The Fluent Booking plugin for WordPress is affected by an issue allowing unauthorized calendar import and management. This occurs due to a missing capability check on the
importCalendar function. Authenticated attackers with subscriber-level access or higher can import and manage arbitrary calendars.Recommendations
Update to a version of the Fluent Booking plugin later than 1.9.11.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fluent Booking