6 matches found
CVE-2024-13677
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...
CVE-2024-13677
creationtimestamp| type| source ---|---|--- 2025-02-18 05:16:54+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ligizvybgi23 2025-02-18 06:11:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ligm2xuym624 2025-02-18 06:48:57+00:00| seen|...
CVE-2024-13677
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...
CVE-2024-13677
CVE-2024-13677 is associated with the GetBookingsWP WordPress plugin (Appointments Booking Calendar). The Wordfence vulnerability entry documents a privilege-escalation/account-takeover path in which an attacker with subscriber-level access or higher can update another user’s email without proper...
CVE-2024-13677 GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...
CVE-2024-13677 GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...