Lucene search
K

4 matches found

Cvelist
Cvelist
added 2023/04/24 6:30 p.m.32 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.4 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
CVE
CVE
added 2023/04/24 6:30 p.m.56 views

CVE-2023-1129

CVE-2023-1129 concerns WP FEvents Book WordPress plugin (versions &lt;= 0.46). The vulnerability arises from improper access control: bookings to be updated are not verified as belonging to the requesting user, enabling any authenticated user (subscriber level) to book, add notes, or cancel booki...

6.5CVSS6.6AI score0.00555EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/04/05 12:0 a.m.19 views

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)

Software WP FEvents Book Type Plugin Vulnerable versions = 0.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1129 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID bdca07c43d3d Credits Ameen Alkurdy...

6.5CVSS6.5AI score0.00555EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder