Lucene search
+L

11 matches found

NVD
NVD
added 2023/04/24 7:15 p.m.29 views

CVE-2023-1129

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.5CVSS6.4AI score0.00555EPSS
Exploits2References1
NVD
NVD
added 2023/04/24 7:15 p.m.15 views

CVE-2023-1126

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks...

5.4CVSS5.2AI score0.00441EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.7 views

CVE-2023-1126 WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks...

6.2AI score0.00441EPSS
Exploits2References1
CVE
CVE
added 2023/04/24 6:30 p.m.52 views

CVE-2023-1126

CVE-2023-1126 affects the WP FEvents Book WordPress plugin (versions

5.4CVSS5.4AI score0.00441EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/04/24 6:30 p.m.56 views

CVE-2023-1129

CVE-2023-1129 concerns WP FEvents Book WordPress plugin (versions &lt;= 0.46). The vulnerability arises from improper access control: bookings to be updated are not verified as belonging to the requesting user, enabling any authenticated user (subscriber level) to book, add notes, or cancel booki...

6.5CVSS6.6AI score0.00555EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/04/24 6:30 p.m.36 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.4 views

CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.6AI score0.00555EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.3 views

WordPress plugin WP FEvents Book 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS6.5AI score0.00441EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/05 12:0 a.m.19 views

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)

Software WP FEvents Book Type Plugin Vulnerable versions = 0.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1129 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID bdca07c43d3d Credits Ameen Alkurdy...

6.5CVSS6.5AI score0.00555EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/03 12:0 a.m.13 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. PoC 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP...

6.5CVSS6.7AI score0.00555EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.91 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP Pro...

6.5CVSS6.9AI score0.00555EPSS
Exploits2
Rows per page
Query Builder