The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/calendar-booking/ - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory |
05 Jul 2024, 13:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/calendar-booking/ - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory | |
First Time |
Startbooking
Startbooking scheduling Plugin - Online Booking |
|
CWE | CWE-862 | |
CPE | cpe:2.3:a:startbooking:scheduling_plugin_-_online_booking:*:*:*:*:*:wordpress:*:* |
20 Jun 2024, 12:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-18 03:15
Updated : 2024-11-21 08:50
NVD link : CVE-2024-1634
Mitre link : CVE-2024-1634
CVE.ORG link : CVE-2024-1634
JSON object : View
Products Affected
startbooking
- scheduling_plugin_-_online_booking
CWE
CWE-862
Missing Authorization