6 matches found
CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340
creationtimestamp| type| source ---|---|--- 2023-01-03 00:29:47+00:00| seen| https://t.me/cibsecurity/55772...
CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340
BookingPress WordPress plugin (versions before 1.0.31) is affected by an Insecure Direct Object Reference (IDOR) in the thank-you page. The underlying issue enables unauthenticated users to view booking details (full name, date, time, service) by altering the appointment_id parameter. Reported in...
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...