Lucene search

[email protected]NVD:CVE-2022-4340

HistoryJan 02, 2023 - 10:15 p.m.

CVE-2022-4340

2023-01-0222:15:17

[email protected]

web.nvd.nist.gov

cve-2022-4340

insecure direct object reference

wordpress plugin

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it’s thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.

Affected configurations

Nvd

Node

reputeinfosystemsbookingpressRange<1.0.31wordpress

VendorProductVersionCPE
reputeinfosystemsbookingpress*cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
reputeinfosystems	bookingpress	*	cpe:2.3:a:reputeinfosystems:bookingpress::::::wordpress::*

References

wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

Related for NVD:CVE-2022-4340

wpexploit1 cve1 prion1 wpvulndb1 cvelist1