Lucene search
K

4 matches found

Circl
Circl
added 2024/12/06 10:6 a.m.8 views

CVE-2024-9872

creationtimestamp| type| source ---|---|--- 2024-12-06 10:06:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113605317947527049 2024-12-06 10:35:47+00:00| seen| https://t.me/cvedetector/12175...

5.4CVSS8.7AI score0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 8:24 a.m.11 views

CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...

5.4CVSS6.5AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 8:24 a.m.60 views

CVE-2024-9872

CVE-2024-9872 (vcita WordPress plugin) : Affected plugin versions include all up to 4.5.1. Root cause is a missing capability check in vcita_save_user_data_callback(), enabling authenticated users with Subscriber+ privileges to modify data and inject scripts and update settings. Impact per source...

5.4CVSS5.2AI score0.0025EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/12/06 8:24 a.m.26 views

CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...

5.4CVSS0.0025EPSS
Exploits0References2
Rows per page
Query Builder