CVE-2024-0856

🗓️ 20 Mar 2024 05:00:02Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 75 Views🌐 WEB

The Appointment Booking Calendar WordPress plugin before 1.3.83 is vulnerable to CSRF attacks

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress Plugin Appointment Booking Calendar Security Vulnerability	20 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-0856 Booking Calendar < 1.3.83 - CSRF appointment scheduling	20 Mar 202405:00	–	cvelist
NVD	CVE-2024-0856	20 Mar 202405:15	–	nvd
OSV	CVE-2024-0856	20 Mar 202405:15	–	osv
Patchstack	WordPress Appointment Booking Calendar Plugin < 1.3.83 is vulnerable to Cross Site Request Forgery (CSRF)	21 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-15869 · WordPress · Appointment Booking Calendar	19 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0856	23 May 202509:54	–	redhatcve
Vulnrichment	CVE-2024-0856 Booking Calendar < 1.3.83 - CSRF appointment scheduling	20 Mar 202405:00	–	vulnrichment
wpexploit	Booking Calendar < 1.3.83 - CSRF appointment scheduling	28 Feb 202400:00	–	wpexploit
WPVulnDB	Booking Calendar < 1.3.83 - CSRF appointment scheduling	28 Feb 202400:00	–	wpvulndb

NVD

Vulners

Vulnrichment

Node

codepeople appointment_booking_calendarRange<1.3.83wordpress

[
  {
    "vendor": "Unknown",
    "product": "Appointment Booking Calendar",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.3.83"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/

Parameter	Position	Path	Description	CWE
cpabc_appointments_post	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
cpabc_appointments_utime	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
cpabc_item	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
selDaycal1	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
selMonthcal1	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
selYearcal1	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
selHourcal1	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
selMinutecal1	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
sendemails_admin	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352
freq	request body	/wp-admin/admin.php?page=cpabc_appointments.php&cal=1&addbk=1&r=0.1210213745316624	CSRF vulnerability allowing logged-in users to perform actions (e.g., add a booking) without proper CSRF checks.	CWE-352

17 Jun 2026 06:54Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8

EPSS0.00384

SSVC

CWE-352