Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/21 11:19 a.m.5 views

CVE-2024-13442

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...

9.8CVSS7.5AI score0.00402EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/19 11:10 a.m.4 views

CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...

9.8CVSS7.7AI score0.00402EPSS
Exploits0References2
CVE
CVE
added 2025/03/19 11:10 a.m.51 views

CVE-2024-13442

CVE-2024-13442 affects the WordPress plugin Service Finder Bookings up to and including version 5.0, causing unauthenticated privilege escalation via account takeover. The root cause is inadequate user identity validation before post-booking auto-login or profile updates (e.g., password changes),...

9.8CVSS9.8AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/19 11:10 a.m.13 views

CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...

9.8CVSS0.00402EPSS
Exploits0References2
Rows per page
Query Builder