Description
WordPress Plugin Booking Calendar-Appointment Booking-BookIt is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently log in as any existing user on the site, including administrator, if they have access to the email. WordPress Plugin Booking Calendar-Appointment Booking-BookIt version 2.3.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.3.8 or latest
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2355)
WordPress Plugin Really Easy Slider TimThumb Arbitrary File Upload (0.1)
Oracle Database Server CVE-2013-5771 Vulnerability (CVE-2013-5771)
WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0)
WordPress Plugin Daily Prayer Time Cross-Site Scripting (2023.03.20)