4 matches found
CVE-2024-9872
creationtimestamp| type| source ---|---|--- 2024-12-06 10:06:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113605317947527049 2024-12-06 10:35:47+00:00| seen| https://t.me/cvedetector/12175...
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...
CVE-2024-9872
CVE-2024-9872 (vcita WordPress plugin) : Affected plugin versions include all up to 4.5.1. Root cause is a missing capability check in vcita_save_user_data_callback(), enabling authenticated users with Subscriber+ privileges to modify data and inject scripts and update settings. Impact per source...
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...