The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-03-20T05:00:02.675Z

Updated: 2024-08-05T18:06:03.929Z

Reserved: 2024-01-24T11:38:06.130Z

Link: CVE-2024-0856

cve-icon Vulnrichment

Updated: 2024-08-01T18:18:18.979Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-20T05:15:45.433

Modified: 2024-11-21T08:47:30.880

Link: CVE-2024-0856

cve-icon Redhat

No data.