PT-2024-34395 · WordPress · The Bookster
Captain__Noob +1 · Published 2024-06-26 · Updated 2024-10-28
CVE-2024-5071
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
The Bookster WordPress plugin versions prior to 1.1.1
Description:
The issue allows attackers to tamper with the data sent when booking an appointment: by adding sensitive parameters when appointments are validated, they can potentially change an appointment's status from pending to approved.
Recommendations:
Update The Bookster WordPress plugin to version 1.1.1 or later to resolve the issue.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
The Bookster