CVE-2023-1129
WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
24 abr 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
Unknown · WP FEvents Book