Lucene search
K

31 matches found

NVD
NVD
added 2023/06/30 2:15 a.m.35 views

CVE-2023-2834

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS9.7AI score0.01914EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2023/06/30 2:15 a.m.7 views

CVE-2023-2834

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.4AI score0.01914EPSS
Exploits3References8
CVE
CVE
added 2023/06/30 1:56 a.m.64 views

CVE-2023-2834

CVE-2023-2834 affects the BookIt WordPress plugin up to version 2.3.7, enabling authentication bypass by exploiting insufficient user verification during booking. An unauthenticated attacker can log in as an existing user (e.g., administrator) if they can provide a valid email, as described in Wo...

9.8CVSS9.5AI score0.01914EPSS
Exploits3References7Affected Software1
Cvelist
Cvelist
added 2023/06/30 1:56 a.m.40 views

CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS9.8AI score0.01914EPSS
Exploits3References7
CNNVD
CNNVD
added 2023/06/30 12:0 a.m.9 views

WordPress Plugin BookIt 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.7AI score0.01914EPSS
Exploits3References8
Wordfence Blog
Wordfence Blog
added 2023/06/20 1:38 p.m.19 views

StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin

On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...

10AI score0.01914EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.25 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...

9.8CVSS9AI score0.01914EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2023/06/20 12:0 a.m.14 views

WordPress BookIt Plugin <= 2.3.7 is vulnerable to Broken Authentication

Software BookIt Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-2834 Patch priority High CVSS severity High 9.8 Developer Liquid Web / StellarWP PSID ed15436eaa6b Credits István Márton Required privile...

9.8CVSS6.5AI score0.01914EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress BookIt plugin < 2.2.9 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...

2.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress BookIt plugin < 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/30 12:0 a.m.7 views

WordPress BookIt plugin <= 2.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress BookIt plugin versions = 2.1.5. Solution Update the WordPress BookIt plugin to the latest available version at least 2.1.6...

3.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder