CVE-2022-0920 Vulnerability Details

  /     /     /  

CVE-2022-0920 Metadata Quick Info

CVE Published: 11/04/2022 | CVE Updated: 02/08/2024 | CVE Year: 2022
Source: WPScan | Vendor: Unknown | Product: Salon booking system
Status : PUBLISHED

CVE-2022-0920 Description

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer\'s data

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863 Incorrect Authorization
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-0920 Vulnerability Details