2 matches found
CVE-2023-2414
The CVE-2023-2414 entry concerns the Online Booking & Scheduling Calendar for WordPress by vcita plugin. A missing capability check in vcita_save_settings_callback allows unauthorized data modification in versions up to and including 4.4.6. This enables authenticated attackers with minimal permis...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Arbitrary File Upload
Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions = 4.4.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-2414 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 69648001908f Credit...