CVE-2024-7350
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 8, 2024
CWE ID 288
Summary
CVE-2024-7350 is a vulnerability affecting the Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress for WordPress. This issue allows unauthenticated attackers to bypass the authentication process and log in as registered users, including administrators, when completing a booking. This is possible due to the plugin's failure to properly verify user identity. Exploitation of this vulnerability is contingent upon the 'Auto login user after successful booking' setting being enabled.