CVE-2024-5071 Vulnerability Details

CVE-2024-5071 Metadata Quick Info

CVE Published: 26/06/2024 | CVE Updated: 28/10/2024 | CVE Year: 2024
Source: WPScan | Vendor: Unknown | Product: Bookster
Status: PUBLISHED

CVE-2024-5071 Description

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-863 Incorrect Authorization
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: