CVE-2024-5071

Sažetak

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.

Reference

https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/
https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

19-05-2025 - 21:02

Objavljeno

26-06-2024 - 06:15