Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:24CACEA4-FDA9-498C-B346-9DD02B0827A1
HistoryJan 27, 2023 - 12:00 a.m.

Booking calendar, Appointment Booking System < 3.2.4 - Form Creation/Update/Deletion/Duplication via CSRF

2023-01-2700:00:00
wpscan.com
11
csrf
form actions
plugin vulnerability
attackers
admin privileges

0.0005 Low

EPSS

Percentile

16.3%

JSON

The plugin does not have CSRF checks on some of its form actions such as creation/update/deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks

CPENameOperatorVersion
booking-calendarlt3.2.4

Related

prion 1
cve 1
nvd 1
cvelist 1
prion
prion
Cross site request forgery (csrf)
2023-02-17 15:15:00
cve
cve
CVE-2023-24388
2023-02-17 15:15:12
nvd
nvd
CVE-2023-24388
2023-02-17 15:15:12
cvelist
cvelist
CVE-2023-24388 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
2023-02-17 14:25:11

0.0005 Low

EPSS

Percentile

16.3%

JSON
Related for WPVDB-ID:24CACEA4-FDA9-498C-B346-9DD02B0827A1
prion1cve1nvd1cvelist1