4 matches found
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.2.10 is vulnerable to Broken Access Control
Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions = 4.2.10 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2415 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
CVE-2023-2415
CVE-2023-2415 – vcita Online Booking & Scheduling Calendar for WordPress : A missing capability check in vcita_logout_callback allows authenticated users with minimal permissions (e.g., subscriber) to trigger data modifications and logout a connected account, causing a denial of service on the ap...