4 matches found
CVE-2024-0856
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...
WordPress Appointment Booking Calendar Plugin < 1.3.83 is vulnerable to Cross Site Request Forgery (CSRF)
Software Appointment Booking Calendar Type Plugin Vulnerable versions 1.3.83 Fixed in 1.3.83 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0856 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e19a0de45e57 Credits Sushil...
CVE-2024-0856
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...
CVE-2024-0856
Summary: CVE-2024-0856 affects the WordPress plugin “Appointment Booking Calendar” prior to version 1.3.83. The issue is the absence of CSRF checks in certain areas, enabling logged-in users to be induced into performing unwanted actions (e.g., adding a booking without paying). Impact per sources...