Description

WordPress Plugin BookingPress-Appointments Booking Calendar and Online Scheduling is prone to a insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to view information about any booking, including full name, date, time and service booked. WordPress Plugin BookingPress-Appointments Booking Calendar and Online Scheduling version 1.0.30 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.0.31 or latest

References

Related Vulnerabilities