The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/calendar-booking/ | Product |
https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jul 2024, 13:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/calendar-booking/ - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory | |
First Time |
Startbooking
Startbooking scheduling Plugin - Online Booking |
|
CWE | CWE-862 | |
CPE | cpe:2.3:a:startbooking:scheduling_plugin_-_online_booking:*:*:*:*:*:wordpress:*:* |
20 Jun 2024, 12:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-18 03:15
Updated : 2024-07-05 13:31
NVD link : CVE-2024-1634
Mitre link : CVE-2024-1634
CVE.ORG link : CVE-2024-1634
JSON object : View
Products Affected
startbooking
- scheduling_plugin_-_online_booking
CWE
CWE-862
Missing Authorization