CVE-2024-13821

12 Feb 2025

Título es

CVE-2024-13821

Mié, 12/02/2025 – 08:15

Tipo

CWE-285

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-13821

Descripción en

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved.

12/02/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3234469%40booking&new=3234469%40booking#file20

https://www.wordfence.com/threat-intel/vulnerabilities/id/8a0b961e-ccc3-4da0-b007-bbafa133a3a8?source=cve

Enviar en el boletín

Off

CVE-2024-13821

CVE-2024-13821

Jose Alexis Correa Valencia