PT-2024-27605 · Vcita · Vcita Online Booking & Scheduling Calendar
João Pedro S Alcântara
·
Published
2024-07-09
·
Updated
2025-06-09
·
CVE-2024-37499
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
vCita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.4.2
Description
The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows for Path Traversal, which can potentially be exploited.
Recommendations
For versions through 4.4.2, update to a version later than 4.4.2 to resolve the issue.
At the moment, there is no information about other specific mitigation measures for this vulnerability.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vcita Online Booking & Scheduling Calendar