Source: wpvulndb
WPVDB-ID:5E1C9FBE-DF10-494B-9E45-821633F00DE8
History: May 03, 2024 - 12:00 a.m.

WP Time Slots Booking Form < 1.2.07 - Unauthenticated Price Manipulation

2024-05-03 00:00:00
wpscan.com
Tags: wordpress, vulnerability, price manipulation, unauthenticated, bookings

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.1
Confidence: Low

EPSS: 0
Percentile: 9.0%

Description

The WP Time Slots Booking Form plugin for WordPress is vulnerable to price manipulation due to insufficient server-side validation of prices in versions up to, and including, 1.2.06. This makes it possible for unauthenticated attackers to alter the price of bookings.
