6 matches found
Exploit for CVE-2024-12558
CVE-2024-12558-exploit Description The WP BASE Booking of A...
CVE-2024-12558
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12558
creationtimestamp| type| source ---|---|--- 2024-12-21 09:42:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113690158402957170 2024-12-21 10:15:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso7dstzc2k 2024-12-21 11:59:18+00:00| seen|...
CVE-2024-12558
CVE-2024-12558 affects the WordPress plugin WP BASE Booking of Appointments, Services and Events . The vulnerability is a missing capability check in the export_db function across all versions up to and including 4.9.2, enabling an authenticated attacker with Subscriber+ privileges to access sens...
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...