Description
WordPress Plugin BookingPress-Appointments Booking Calendar and Online Scheduling is prone to a insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to view information about any booking, including full name, date, time and service booked. WordPress Plugin BookingPress-Appointments Booking Calendar and Online Scheduling version 1.0.30 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.31 or latest
References
Related Vulnerabilities
WordPress Plugin Sociable Cross-Site Scripting (4.3.4.1)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5651)
Internet Information Services CVE-2001-0146 Vulnerability (CVE-2001-0146)
MySQL CVE-2022-21319 Vulnerability (CVE-2022-21319)
WordPress Plugin amr shortcode any widget Cross-Site Scripting (4.0)