Vulnerabilities > CVE-2023-1129 - Unspecified vulnerability in WP Fevents Book Project WP Fevents Book 0.46

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

wp-fevents-book-project

NVD

Published: 2023-04-24

Updated: 2023-11-07

Summary

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.

Vulnerable Configurations

Part	Description	Count
Application	Wp_Fevents_Book_Project WP Fevents Book Project WP Fevents Book 0.46	1

References

https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af