PT-2024-16491 · Woocommerce · Booking & Appointment Plugin For Woocommerce

István Márton · Published 2024-11-26 · Updated 2024-12-01 · CVE-2024-10729

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Booking & Appointment Plugin for WooCommerce version 6.9.0 and earlier

Description: The issue is related to a missing capability check in the save google calendar data function, allowing authenticated attackers with subscriber-level permissions or above to update site options arbitrarily. This enables unauthorized modification of data.

Recommendations: For versions up to and including 6.9.0, update to a version later than 6.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the save google calendar data function until a patch is available. Restrict permissions to prevent attackers with subscriber-level permissions or above from exploiting the vulnerability.
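
One way to apply the temporary workaround, as an added example that is not code from the plugin or its vendor: a must-use plugin that enforces a capability check ahead of the unpatched handler and logs denied attempts. It assumes the save function is reached through a `wp_ajax_` action; the action name is a placeholder the advisory does not supply, and `manage_woocommerce` as the required capability, like every `example_`/`EXAMPLE_` name, is an assumption.

```php
<?php
/**
 * Plugin Name: Temporary capability guard for an unpatched AJAX action
 * Description: Added example (not vendor code). Place in wp-content/mu-plugins/.
 */

// ASSUMPTION: the advisory does not name the AJAX action. Replace this
// placeholder with the action the plugin registers for its save function.
const EXAMPLE_GUARDED_ACTIONS = array( 'REPLACE_WITH_PLUGIN_AJAX_ACTION' );

// ASSUMPTION: only shop managers and administrators may change these settings.
const EXAMPLE_REQUIRED_CAP = 'manage_woocommerce';

/**
 * Runs before the plugin's own handler and stops the request when the
 * logged-in user lacks the required capability.
 */
function example_guard_ajax_action() {
	if ( current_user_can( EXAMPLE_REQUIRED_CAP ) ) {
		return; // Authorized: let the plugin's handler run as usual.
	}

	// Leave a trace for detection: which action, which user, from where.
	$action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
	$ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
	error_log( sprintf( '[capability-guard] denied action=%s user_id=%d ip=%s', $action, get_current_user_id(), $ip ) );

	// wp_send_json_error() sends the response and terminates the request,
	// so a handler registered at the default priority never executes.
	wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( EXAMPLE_GUARDED_ACTIONS as $example_action ) {
	// Priority 0 places the guard ahead of handlers at the default priority 10.
	// Only wp_ajax_ (logged-in users) is hooked, matching the advisory's
	// "authenticated ... subscriber-level permissions or above" condition.
	add_action( 'wp_ajax_' . $example_action, 'example_guard_ajax_action', 0 );
}
```

Remove the guard once the site runs a version later than 6.9.0.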

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-10729

Affected Products

Booking & Appointment Plugin For Woocommerce