Online Booking & Scheduling Calendar@4.2.10 Security Vulnerabilities and Issues — Online Booking & Scheduling Calendar@4.2.10 CVE List

Lucene search

VcitaOnline Booking & Scheduling Calendar4.2.10

4 matches found

CVE•added 2023/06/03 5:15 a.m.•48 views

CVE-2023-2299

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction fu...

5.3CVSS5.4AI score0.00111EPSS

Web

CVE•added 2023/06/03 5:15 a.m.•45 views

CVE-2023-2298

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

7.2CVSS5.9AI score0.0078EPSS

Web

CVE•added 2023/06/03 5:15 a.m.•37 views

CVE-2023-2415

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...

5.4CVSS5.3AI score0.00033EPSS

Web

CVE•added 2023/06/03 5:15 a.m.•32 views

CVE-2023-2416

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia ...

6.5CVSS6.3AI score0.00072EPSS

Web