Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.7 views

CVE-2023-2415

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...

5.4CVSS5.1AI score0.00698EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/06/05 12:0 a.m.14 views

WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.2.10 is vulnerable to Broken Access Control

Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions = 4.2.10 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2415 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...

5.4CVSS6.5AI score0.00698EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/06/03 5:15 a.m.4 views

CVE-2023-2415

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...

5.4CVSS6.7AI score0.00698EPSS
Exploits2References3
CVE
CVE
added 2023/06/03 4:35 a.m.54 views

CVE-2023-2415

CVE-2023-2415 – vcita Online Booking & Scheduling Calendar for WordPress : A missing capability check in vcita_logout_callback allows authenticated users with minimal permissions (e.g., subscriber) to trigger data modifications and logout a connected account, causing a denial of service on the ap...

5.4CVSS5.3AI score0.00698EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder