4 matches found
CVE-2024-13442
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...
CVE-2024-13442
CVE-2024-13442 affects the WordPress plugin Service Finder Bookings up to and including version 5.0, causing unauthenticated privilege escalation via account takeover. The root cause is inadequate user identity validation before post-booking auto-login or profile updates (e.g., password changes),...
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...