The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled.
Metrics
Affected Vendors & Products
References
History
Thu, 08 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Reputeinfosystems
Reputeinfosystems appointment Booking Calendar Plugin And Scheduling Plugin Bookingpress |
|
CPEs | cpe:2.3:a:reputeinfosystems:appointment_booking_calendar_plugin_and_scheduling_plugin_bookingpress:*:*:*:*:*:*:*:* | |
Vendors & Products |
Reputeinfosystems
Reputeinfosystems appointment Booking Calendar Plugin And Scheduling Plugin Bookingpress |
|
Metrics |
ssvc
|
Thu, 08 Aug 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled. | |
Title | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover | |
Weaknesses | CWE-288 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-08T02:32:06.827Z
Updated: 2024-08-08T13:23:12.522Z
Reserved: 2024-07-31T20:31:57.740Z
Link: CVE-2024-7350
Vulnrichment
Updated: 2024-08-08T13:22:40.873Z
NVD
Status : Awaiting Analysis
Published: 2024-08-08T03:15:34.800
Modified: 2024-08-08T13:04:18.753
Link: CVE-2024-7350
Redhat
No data.