Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:4C6C602B-BA80-46C3-A86D-20C1A0632AA3
HistoryJun 20, 2023 - 12:00 a.m.

BookIt < 2.3.8 - Authentication Bypass

2023-06-2000:00:00
wpvulndb
67
bookit 2.3.8
authentication bypass
book appointment
blog user email
exploit

EPSS

0.004

Percentile

73.6%

JSON

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address

On a page where the [bookit] is embed, book an appointment using an email address from a user on the blog

Related

cvelist 1
nvd 1
packetstorm 1
prion 1
wordfence 3
wpvulndb 1
cve 1
thn 1
cvelist
cvelist
CVE-2023-2834
2023-06-30 01:56:17
nvd
nvd
CVE-2023-2834
2023-06-30 02:15:08
packetstorm
packetstorm
WordPress BookIt 2.3.7 Authentication Bypass
2023-06-21 00:00:00
prion
prion
Authentication flaw
2023-06-30 02:15:00
wordfence
wordfence
StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
2023-06-20 13:38:14
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
2023-06-29 13:24:24
wpvulndb
wpvulndb
BookIt < 2.3.8 - Authentication Bypass
2023-06-20 00:00:00
cve
cve
CVE-2023-2834
2023-06-30 02:15:08
thn
thn
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
2023-06-22 10:17:00

EPSS

0.004

Percentile

73.6%

JSON
Related for WPEX-ID:4C6C602B-BA80-46C3-A86D-20C1A0632AA3
cvelist1nvd1packetstorm1prion1wordfence3wpvulndb1cve1thn1