Security
Games
Windows
Linux
Android
IOS
News
Reviews
AI
CVE-2024-5071 Vulnerability Details
/
/
/
CVE-2024-5071 Metadata Quick Info
CVE Published: 26/06/2024
|
CVE Updated: 28/10/2024
|
CVE Year: 2024
Source: WPScan
|
Vendor: Unknown
|
Product: Bookster
Status : PUBLISHED
CVE-2024-5071 Description
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
Metrics
CVSS Version: 3.1
|
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID:
CWE Name: CWE-863 Incorrect Authorization
Source: Unknown
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description:
Last added CVEs
▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED
Tags:
CVE-2024-5071 Vulnerability Details