Vulnerabilities > CVE-2023-1129 - Unspecified vulnerability in WP Fevents Book Project WP Fevents Book 0.46

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
wp-fevents-book-project

Summary

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.

Vulnerable Configurations

Part Description Count
Application
Wp_Fevents_Book_Project
1