PT-2025-1798 · WordPress · Appointment Booking Calendar Plugin

Published: 2025-01-13 · Updated: 2025-05-08 · CVE-2024-12274

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar Plugin and Scheduling Plugin versions prior to 1.1.23

Description: The export settings functionality in the Appointment Booking Calendar Plugin and Scheduling Plugin writes exported data to a public folder under an easily guessable file name. Unauthenticated attackers can access the exported files, if they exist, by requesting that file name in the public folder where the exports are stored.

Recommendations: For versions prior to 1.1.23, update to version 1.1.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the public folder where the exported files are stored to minimize the risk of exploitation. Avoid using the export settings functionality until the issue is resolved.

Related Identifiers: CVE-2024-12274

Affected Products: Appointment Booking Calendar Plugin