7.2
CVE-2024-7129
- EPSS 1.14%
- Veröffentlicht 13.09.2024 06:15:15
- Zuletzt bearbeitet 15.09.2025 20:15:35
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAppointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution
The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins
Mögliche Gegenmaßnahme
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: Update to version 1.6.7.43, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nsqua ≫ Simply Schedule Appointments SwPlatformwordpress Version < 1.6.7.43
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Version
*-1.6.7.42
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.624 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/
https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6f3607-d44f-452a-b3ad-55f036033480