WordPress CB (legacy) plugin <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF vulnerability

Code/Timeframe/Booking Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin CB legacy versions = 0.9.4.18...

CVE-2024-4382

The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...

CVE-2024-4382 CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...

CVE-2024-4381 CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

The CB legacy WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin CB security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin CB security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...