Lucene search

WpvulndbWPVDB-ID:213556AC-E721-4AA2-A131-C2FE70BFE4EC

HistoryApr 29, 2024 - 12:00 a.m.

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

2024-04-2900:00:00

wpscan.com

booking ultra pro

wordpress

privilege escalation

authenticated

contributor-level access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges.

References

www.wordfence.com/threat-intel/vulnerabilities/id/f65fdde9-1133-4e29-a70a-be977f96acce

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:213556AC-E721-4AA2-A131-C2FE70BFE4EC