Products
Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress
- up to 1.1.13
Source
security@wordfence.com
Tags
CVE-2024-6175 details
Last Modified : July 18, 2024, 12:28 p.m.
Description
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete. multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.
CVSS Score
1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Exploitability Score
2.8
Impact Score
2.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
URL | Source |
---|---|
https://wordpress.org/plugins/booking-ultra-pro/#description | security@wordfence.com |
https://www.wordfence.com/threat-intel/vulnerabilities/id/0594ed62-0a41-4819-89b8-ea31afbcac73?source=cve | security@wordfence.com |