2 results (0.001 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Veribo, Roland Murg WP Booking System.This issue affects WP Booking System: from n/a through 2.0.19.10. La vulnerabilidad de autorización faltante en Mondula GmbH Multi Step Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.21. The WP Booking System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpbs_refresh_calendar_editor function in versions up to, and including, 2.0.19.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify calendars. • https://patchstack.com/database/vulnerability/wp-booking-system/wordpress-wp-booking-system-plugin-2-0-19-10-broken-access-control-vulnerability?_s_id=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbs_save_calendar_data function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save calendar data. • CWE-862: Missing Authorization •