The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-18T02:37:12.621Z
Updated: 2024-08-01T18:48:20.634Z
Reserved: 2024-02-19T17:10:34.228Z
Link: CVE-2024-1634
Vulnrichment
Updated: 2024-08-01T18:48:20.634Z
NVD
Status : Modified
Published: 2024-06-18T03:15:09.580
Modified: 2024-11-21T08:50:58.150
Link: CVE-2024-1634
Redhat
No data.