31 matches found
CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2023-2834
CVE-2023-2834 affects the BookIt WordPress plugin up to version 2.3.7, enabling authentication bypass by exploiting insufficient user verification during booking. An unauthenticated attacker can log in as an existing user (e.g., administrator) if they can provide a valid email, as described in Wo...
CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
WordPress Plugin BookIt 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...
BookIt < 2.3.8 - Authentication Bypass
The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...
WordPress BookIt Plugin <= 2.3.7 is vulnerable to Broken Authentication
Software BookIt Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-2834 Patch priority High CVSS severity High 9.8 Developer Liquid Web / StellarWP PSID ed15436eaa6b Credits István Márton Required privile...
WordPress BookIt plugin < 2.2.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...
WordPress BookIt plugin < 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BookIt plugin versions 2.2.9. Solution Update the WordPress BookIt plugin to the latest available version at least 2.2.9...
WordPress BookIt plugin <= 2.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress BookIt plugin versions = 2.1.5. Solution Update the WordPress BookIt plugin to the latest available version at least 2.1.6...