← voltar
CVE-2023-1129

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

CVSS 6.5 MEDIUMEPSS 0.6%
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 abr 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N