Vulnerability Details CVE-2024-12274
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.4%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-12274
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.0.1
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.10
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.11
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.12
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.13
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.14
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.15
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.16
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.17
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.18
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.19
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.20
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.21
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.22
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.3
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.4
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.6
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.7
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.8
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.9