CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50425 – WordPress WP Booking System – Booking Calendar plugin <= 2.0.19.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50425
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Veribo, Roland Murg WP Booking System.This issue affects WP Booking System: from n/a through 2.0.19.10. La vulnerabilidad de autorización faltante en Mondula GmbH Multi Step Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.21. The WP Booking System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpbs_refresh_calendar_editor function in versions up to, and including, 2.0.19.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify calendars. • https://patchstack.com/database/vulnerability/wp-booking-system/wordpress-wp-booking-system-plugin-2-0-19-10-broken-access-control-vulnerability?_s_id=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49758 – WP Booking System <= 2.0.19.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-49758
The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbs_save_calendar_data function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save calendar data. • CWE-862: Missing Authorization •