Lucene search

K

PRIOn knowledge basePRION:CVE-2023-2834

HistoryJun 30, 2023 - 2:15 a.m.

Authentication flaw

2023-06-3002:15:00

PRIOn knowledge base

www.prio-n.com

11

vulnerable

authentication bypass

insufficient verification

unauthenticated attackers

administrator access

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CPENameOperatorVersion
bookitle2.3.7

References

lana.codes/lanavdb/0dea1346-fd60-4338-8af6-6f89c29075d4/

plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/CustomerController.php

plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/database/Customers.php

plugins.trac.wordpress.org/changeset/2919529/bookit

plugins.trac.wordpress.org/changeset/2925153/bookit

www.wordfence.com/blog/2023/06/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin/

www.wordfence.com/threat-intel/vulnerabilities/id/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=cve

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

Related for PRION:CVE-2023-2834

nvd1 packetstorm1 wordfence3 wpvulndb1 cve1 wpexploit1 cvelist1 thn1