Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:4C6C602B-BA80-46C3-A86D-20C1A0632AA3
HistoryJun 20, 2023 - 12:00 a.m.

BookIt < 2.3.8 - Authentication Bypass

2023-06-2000:00:00
wpscan.com
5
bookit plugin
authentication bypass
unauthenticated login
email address
user account

0.002 Low

EPSS

Percentile

51.4%

JSON

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address

PoC

On a page where the [bookit] is embed, book an appointment using an email address from a user on the blog

CPENameOperatorVersion
bookitlt2.2.9

Related

packetstorm 1
nvd 1
wpexploit 1
cvelist 1
wordfence 3
cve 1
prion 1
thn 1
packetstorm
packetstorm
WordPress BookIt 2.3.7 Authentication Bypass
2023-06-21 00:00:00
nvd
nvd
CVE-2023-2834
2023-06-30 02:15:08
wpexploit
wpexploit
BookIt < 2.3.8 - Authentication Bypass
2023-06-20 00:00:00
cvelist
cvelist
CVE-2023-2834
2023-06-30 01:56:17
wordfence
wordfence
StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
2023-06-20 13:38:14
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
2023-06-29 13:24:24
cve
cve
CVE-2023-2834
2023-06-30 02:15:08
prion
prion
Authentication flaw
2023-06-30 02:15:00
thn
thn
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
2023-06-22 10:17:00

0.002 Low

EPSS

Percentile

51.4%

JSON
Related for WPVDB-ID:4C6C602B-BA80-46C3-A86D-20C1A0632AA3
packetstorm1nvd1wpexploit1cvelist1wordfence3cve1prion1thn1