Lucene search

WPScanCVE-2022-4340

HistoryJan 02, 2023 - 10:15 p.m.

CVE-2022-4340

2023-01-0222:15:17

WPScan

web.nvd.nist.gov

cve-2022-4340

bookingpress

wordpress plugin

idor vulnerability

nvd

security

information security

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it’s thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.

Affected configurations

Nvd

Vulners

Node

reputeinfosystemsbookingpressRange<1.0.31wordpress

VendorProductVersionCPE
reputeinfosystemsbookingpress*cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
reputeinfosystems	bookingpress	*	cpe:2.3:a:reputeinfosystems:bookingpress::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "BookingPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.31"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

Related for CVE-2022-4340