5.3
CVE-2022-0919
- EPSS 1.13%
- Veröffentlicht 11.04.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:39:40
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSalon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
Mögliche Gegenmaßnahme
Salon Booking System – Free Version: Update to version 7.6.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Salonbookingsystem ≫ Salon Booking System SwPlatformwordpress Version < 7.6.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Salon Booking System – Free Version
Version
*-7.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.62 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4
https://www.wordfence.com/threat-intel/vulnerabilities/id/a82ac1c9-e037-4afa-b433-2efef2e61403