CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
Configurations

Configuration 1 (hide)

cpe:2.3:a:startbooking:scheduling_plugin_-_online_booking:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://wordpress.org/plugins/calendar-booking/ - Product () https://wordpress.org/plugins/calendar-booking/ - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory

05 Jul 2024, 13:31

Type Values Removed Values Added
References () https://wordpress.org/plugins/calendar-booking/ - () https://wordpress.org/plugins/calendar-booking/ - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve - Third Party Advisory
First Time Startbooking
Startbooking scheduling Plugin - Online Booking
CWE CWE-862
CPE cpe:2.3:a:startbooking:scheduling_plugin_-_online_booking:*:*:*:*:*:wordpress:*:*

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) El complemento Scheduling Plugin – Online Booking for WordPress para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función 'cbsb_disconnect_settings' en todas las versiones hasta la 3.5.10 incluida. Esto hace posible que atacantes no autenticados desconecten el complemento del servicio de inicio de reservas y eliminen los datos de conexión.

18 Jun 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-18 03:15

Updated : 2024-11-21 08:50


NVD link : CVE-2024-1634

Mitre link : CVE-2024-1634

CVE.ORG link : CVE-2024-1634


JSON object : View

Products Affected

startbooking

  • scheduling_plugin_-_online_booking
CWE
CWE-862

Missing Authorization