Lucene search
+L

58 matches found

Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress BookIt Plugin < 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software BookIt Type Plugin Vulnerable versions 2.4.0 Fixed in 2.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Liquid Web / StellarWP PSID 6ec153a6ea5e Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/30 2:15 a.m.7 views

CVE-2023-2834

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.4AI score0.01914EPSS
Exploits3References8
NVD
NVD
added 2023/06/30 2:15 a.m.37 views

CVE-2023-2834

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS9.7AI score0.01914EPSS
Exploits3References7
Cvelist
Cvelist
added 2023/06/30 1:56 a.m.43 views

CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS9.8AI score0.01914EPSS
Exploits3References7
CVE
CVE
added 2023/06/30 1:56 a.m.64 views

CVE-2023-2834

CVE-2023-2834 affects the BookIt WordPress plugin up to version 2.3.7, enabling authentication bypass by exploiting insufficient user verification during booking. An unauthenticated attacker can log in as an existing user (e.g., administrator) if they can provide a valid email, as described in Wo...

9.8CVSS9.5AI score0.01914EPSS
Exploits3References7Affected Software1
CNNVD
CNNVD
added 2023/06/30 12:0 a.m.10 views

WordPress Plugin BookIt 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.7AI score0.01914EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.9 views

PT-2023-21662 · WordPress · Bookit

Name of the Vulnerable Software and Affected Versions: BookIt plugin for WordPress versions up to, and including, 2.3.7 Description: The BookIt plugin for WordPress has an authentication bypass issue due to insufficient verification of the user being supplied during booking an appointment through...

9.8CVSS9.7AI score0.01914EPSS
Exploits3References12
Wordfence Blog
Wordfence Blog
added 2023/06/20 1:38 p.m.20 views

StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin

On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...

10AI score0.01914EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.25 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...

9.8CVSS9AI score0.01914EPSS
Exploits3References1Affected Software1
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.138 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address On a page where the bookit is embed, book an appointment using an ema...

9.8CVSS9.2AI score0.01914EPSS
Exploits3References1
Patchstack
Patchstack
added 2023/06/20 12:0 a.m.15 views

WordPress BookIt Plugin <= 2.3.7 is vulnerable to Broken Authentication

Software BookIt Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-2834 Patch priority High CVSS severity High 9.8 Developer Liquid Web / StellarWP PSID ed15436eaa6b Credits István Márton Required privile...

9.8CVSS6.5AI score0.01914EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress BookIt plugin < 2.2.9 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...

2.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress BookIt plugin < 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/30 12:0 a.m.8 views

WordPress BookIt plugin <= 2.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress BookIt plugin versions = 2.1.5. Solution Update the WordPress BookIt plugin to the latest available version at least 2.1.6...

3.3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.12 views

Booking Calendar | Appointment Booking | BookIt < 2.1.6 - Authorised AJAX Calls

The plugin does not properly check for CSRF in some of its AJAX actions, allowing them to be bypassed. Attackers could make logged in users call them and perform unwanted actions...

4.6AI score
Exploits0Affected Software1
NVD
NVD
added 2002/10/04 4:0 a.m.12 views

CVE-2002-0933

Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks...

7.5CVSS6.7AI score0.01571EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/08/31 4:0 a.m.20 views

CVE-2002-0933

Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks...

6.7AI score0.01571EPSS
Exploits0References3
CVE
CVE
added 2002/08/31 4:0 a.m.41 views

CVE-2002-0933

CVE-2002-0933 affects Datalex PLC BookIt! Consumer prior to version 2.2. The issue stems from usernames/passwords being stored in plaintext in a cookie, enabling remote attackers to gain privileges through cross-site scripting or sniffing. The NVD metrics indicate partial impact to confidentialit...

7.5CVSS7AI score0.01571EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder