The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-03-20T05:00:02.675Z
Updated: 2024-08-05T18:06:03.929Z
Reserved: 2024-01-24T11:38:06.130Z
Link: CVE-2024-0856
Vulnrichment
Updated: 2024-08-01T18:18:18.979Z
NVD
Status : Awaiting Analysis
Published: 2024-03-20T05:15:45.433
Modified: 2024-11-21T08:47:30.880
Link: CVE-2024-0856
Redhat
No data.