botón arriba

CVE

CVE-2023-2299

Severidad:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
03/06/2023
Última modificación:
09/06/2023

Descripción

*** Pendiente de traducción *** The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.

Productos y versiones vulnerables

  • cpe:2.3:a:vcita:online_booking_\&_scheduling_calendar_for_wordpress:*:*:*:*:*:wordpress:*:*