Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.16 views

CVE-2024-0856

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...

8.8CVSS6.8AI score0.00384EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/03/21 12:0 a.m.15 views

WordPress Appointment Booking Calendar Plugin < 1.3.83 is vulnerable to Cross Site Request Forgery (CSRF)

Software Appointment Booking Calendar Type Plugin Vulnerable versions 1.3.83 Fixed in 1.3.83 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0856 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e19a0de45e57 Credits Sushil...

8.8CVSS7AI score0.00384EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2024/03/20 5:15 a.m.16 views

CVE-2024-0856

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...

8.8CVSS6.4AI score0.00384EPSS
Exploits2References1
CVE
CVE
added 2024/03/20 5:0 a.m.78 views

CVE-2024-0856

Summary: CVE-2024-0856 affects the WordPress plugin “Appointment Booking Calendar” prior to version 1.3.83. The issue is the absence of CSRF checks in certain areas, enabling logged-in users to be induced into performing unwanted actions (e.g., adding a booking without paying). Impact per sources...

8.8CVSS8.6AI score0.00384EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder