The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-04-24T18:30:52.240Z
Updated: 2023-04-24T18:30:52.240Z
Reserved: 2023-03-01T18:23:38.681Z
Link: CVE-2023-1129
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-24T19:15:09.267
Modified: 2023-11-07T04:02:34.117
Link: CVE-2023-1129
JSON object: View
Redhat Information
No data.
CWE
No CWE.