PT-2018-9848 · Wpdevart · Wpdevart Booking Calendar

Published

2018-06-13

Updated

2018-08-09

CVE-2018-10363

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System plugin version 2.2.2

Description: An issue in the plugin allows remote attackers to manipulate parameter values, potentially changing data such as prices.

Recommendations: For version 2.2.2, consider restricting access to the plugin's functionality until a patch is available, and avoid using parameters that can be manipulated by remote attackers.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-10363

Affected Products

Wpdevart Booking Calendar

PT-2018-9848 · Wpdevart · Wpdevart Booking Calendar

CVE-2018-10363

Weakness Enumeration

Related Identifiers

Affected Products

References · 3