Lucene search
K

4 matches found

Cvelist
Cvelist
added 2023/04/24 6:30 p.m.32 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.4 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.89 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP Pro...

6.5CVSS6.9AI score0.00555EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/04/03 12:0 a.m.13 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. PoC 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP...

6.5CVSS6.7AI score0.00555EPSS
Exploits2Affected Software1
Rows per page
Query Builder