CVE-2024-7129

Exploit

EPSS 15.59%
Veröffentlicht 13.09.2024 06:15:15
Zuletzt bearbeitet 15.09.2025 20:15:35
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

Mögliche Gegenmaßnahme

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: Update to version 1.6.7.43, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Version *-1.6.7.42

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nsqua ≫ Simply Schedule Appointments SwPlatformwordpress Version < 1.6.7.43

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.59%	0.945

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6f3607-d44f-452a-b3ad-55f036033480

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7129

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7129