5.3
CVE-2022-4340
- EPSS 0.67%
- Published 02.01.2023 22:15:17
- Last modified 10.04.2025 19:15:53
- Source contact@wpscan.com
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
Possible mitigation
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress: Update to version 1.0.31, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Reputeinfosystems ≫ Bookingpress (SwPlatform: wordpress), Version < 1.0.31
Further vulnerability information
System: WordPress Plugin ≫ Product: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress, Version: *-1.0.30

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.47 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

https://wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7
https://www.wordfence.com/threat-intel/vulnerabilities/id/8019da67-fd2c-48f8-8983-6fb8fb30510b