3 matches found
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions = 4.4.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2299 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID...
CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on the processAction...
CVE-2023-2299
CVE-2023-2299 affects the Online Booking & Scheduling Calendar for WordPress by vcita plugin. The issue is an unauthorized data modification vulnerability via the REST-API endpoint /wp-json/vcita-wordpress/v1/actions/auth, caused by a missing capability check in the processAction function. It aff...