CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2299

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.3%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2023-2299

Vcita » Online Booking & Scheduling Calendar » Version: N/A

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:-
Vcita » Online Booking & Scheduling Calendar » Version: 3.16

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:3.16
Vcita » Online Booking & Scheduling Calendar » Version: 3.16.1

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:3.16.1
Vcita » Online Booking & Scheduling Calendar » Version: 4.1

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1
Vcita » Online Booking & Scheduling Calendar » Version: 4.1.1

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1.1
Vcita » Online Booking & Scheduling Calendar » Version: 4.1.2

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1.2
Vcita » Online Booking & Scheduling Calendar » Version: 4.1.3

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1.3
Vcita » Online Booking & Scheduling Calendar » Version: 4.1.4

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1.4
Vcita » Online Booking & Scheduling Calendar » Version: 4.1.5

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.1.5
Vcita » Online Booking & Scheduling Calendar » Version: 4.2

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.1

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.1
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.10

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.10
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.2

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.2
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.3

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.3
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.4

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.4
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.5

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.5
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.6

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.6
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.7

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.7
Vcita » Online Booking & Scheduling Calendar » Version: 4.2.9

cpe:2.3:a:vcita:online_booking_&_scheduling_calendar:4.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2299

Products

Pricing

Contact Us