Lucene search
+L

3 matches found

Cvelist
Cvelist
added 2024/07/18 2:3 a.m.36 views

CVE-2024-6175 Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

5.4CVSS0.00298EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/18 2:3 a.m.9 views

CVE-2024-6175 Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

5.4CVSS5.9AI score0.00298EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/17 12:0 a.m.6 views

WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Broken Access Control

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.13 Fixed in 1.1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6175 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 30adcefb346a Credits Lucio Sá Required privileg...

5.4CVSS6.6AI score0.00298EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder