58 matches found
WordPress BookIt Plugin < 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software BookIt Type Plugin Vulnerable versions 2.4.0 Fixed in 2.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Liquid Web / StellarWP PSID 6ec153a6ea5e Credits Rafie Muhammad Patchstack Required...
CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2023-2834
CVE-2023-2834 affects the BookIt WordPress plugin up to version 2.3.7, enabling authentication bypass by exploiting insufficient user verification during booking. An unauthenticated attacker can log in as an existing user (e.g., administrator) if they can provide a valid email, as described in Wo...
WordPress Plugin BookIt 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-21662 · WordPress · Bookit
Name of the Vulnerable Software and Affected Versions: BookIt plugin for WordPress versions up to, and including, 2.3.7 Description: The BookIt plugin for WordPress has an authentication bypass issue due to insufficient verification of the user being supplied during booking an appointment through...
StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...
BookIt < 2.3.8 - Authentication Bypass
The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...
BookIt < 2.3.8 - Authentication Bypass
The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address On a page where the bookit is embed, book an appointment using an ema...
WordPress BookIt Plugin <= 2.3.7 is vulnerable to Broken Authentication
Software BookIt Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-2834 Patch priority High CVSS severity High 9.8 Developer Liquid Web / StellarWP PSID ed15436eaa6b Credits István Márton Required privile...
WordPress BookIt plugin < 2.2.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...
WordPress BookIt plugin < 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...
WordPress BookIt plugin <= 2.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress BookIt plugin versions = 2.1.5. Solution Update the WordPress BookIt plugin to the latest available version at least 2.1.6...
Booking Calendar | Appointment Booking | BookIt < 2.1.6 - Authorised AJAX Calls
The plugin does not properly check for CSRF in some of its AJAX actions, allowing them to be bypassed. Attackers could make logged in users call them and perform unwanted actions...
CVE-2002-0933
Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks...
CVE-2002-0933
Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks...
CVE-2002-0933
CVE-2002-0933 affects Datalex PLC BookIt! Consumer prior to version 2.2. The issue stems from usernames/passwords being stored in plaintext in a cookie, enabling remote attackers to gain privileges through cross-site scripting or sniffing. The NVD metrics indicate partial impact to confidentialit...