CVE-2024-35735
WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
Vulnerabilidad de autorizaciĆ³n faltante en CodePeople WP Time Slots Booking Form. Este problema afecta al formulario de reserva de franjas horarias de WP: desde n/a hasta 1.2.11.
The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the data_management() function in versions up to, and including, 1.2.11. This makes it possible for unauthenticated attackers to view slot data.
*Credits:
Manab Jyoti Dowarah (Patchstack Alliance)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-17 CVE Reserved
- 2024-06-06 CVE Published
- 2024-06-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Codepeople Search vendor "Codepeople" | Wp Time Slots Booking Form Search vendor "Codepeople" for product "Wp Time Slots Booking Form" | < 1.2.12 Search vendor "Codepeople" for product "Wp Time Slots Booking Form" and version " < 1.2.12" | wordpress |
Affected
| ||||||