Lucene search

K

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

🗓️ 03 Apr 2023 00:00:00Reported by Ameen AlkurdyType 
wpvulndb
 wpvulndb
🔗 wpscan.com👁 7 Views

The WP FEvents Book plugin (version <= 0.46) allows arbitrary booking manipulation via Insecure Direct Object References (IDOR), enabling authenticated users to book, add notes, or cancel bookings on behalf of other users

Show more
Related
Detection