CVE-2023-50852 – WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-50852
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en StylemixThemes Booking Calendar | Appointment Booking | BookIt. Este problema afecta a Booking Calendar | Appointment Booking | BookIt: desde n/a hasta 2.4.3. The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.4.4 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/bookit/wordpress-bookit-plugin-2-4-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2834 – BookIt <= 2.3.7 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability. • https://lana.codes/lanavdb/0dea1346-fd60-4338-8af6-6f89c29075d4 https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/CustomerController.php#L27 https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/database/Customers.php#L63 https://plugins.trac.wordpress.org/changeset/2919529/bookit https://plugins.trac.wordpress.org/changeset/2925153/bookit https://www.wordfence.com/blog/2023/06/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin& • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •