CVE-2024-0856 Booking Calendar < 1.3.83 - CSRF appointment scheduling

2024-03-2005:00:02

WPScan

www.cve.org

booking calendar

csrf

wordpress

plugin

vulnerability

version 1.3.83

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Appointment Booking Calendar",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.3.83"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/