CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33543 – WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33543
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. Vulnerabilidad de autorización faltante en CodePeople WP Time Slots Booking Form. Este problema afecta al formulario de reserva de franjas horarias de WP: desde n/a hasta 1.2.06. The WP Time Slots Booking Form plugin for WordPress is vulnerable to price manipulation due to insufficient server-side validation of prices in versions up to, and including, 1.2.06. This makes it possible for unauthenticated attackers to alter the price of bookings. • https://patchstack.com/database/vulnerability/wp-time-slots-booking-form/wordpress-wp-time-slots-booking-form-plugin-1-2-06-broken-access-control-vulnerability?_s_id=cve • CWE-472: External Control of Assumed-Immutable Web Parameter CWE-862: Missing Authorization •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23895 – WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks
https://notcve.org/view.php?id=CVE-2023-23895
The WP Time Slots Booking Form plugin for WordPress is vulnerable to authorization bypass due to improper capability checks throughout the ~/cp-admin-int-add-booking.inc.php file in versions up to, and including, 1.1.83. This makes it possible for authenticated attackers with editor-level privileges to modify some of the plugin's settings. • CWE-285: Improper Authorization •