The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-18T02:37:12.621Z

Updated: 2024-08-01T18:48:20.634Z

Reserved: 2024-02-19T17:10:34.228Z

Link: CVE-2024-1634

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:20.634Z

cve-icon NVD

Status : Modified

Published: 2024-06-18T03:15:09.580

Modified: 2024-11-21T08:50:58.150

Link: CVE-2024-1634

cve-icon Redhat

No data.