CVE-2022-4340: BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
First published: Mon Jan 02 2023(Updated: )
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reputeinfosystems Bookingpress | <1.0.31 | |
| <1.0.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-4340?
CVE-2022-4340 is an Insecure Direct Object Reference (IDOR) vulnerability in the BookingPress WordPress plugin before version 1.0.31.
What can an attacker do with CVE-2022-4340?
An attacker can manipulate the appointment_id query parameter in the BookingPress thank you page to display information about any booking, including full name, date, time, and service booked.
How can I mitigate CVE-2022-4340?
To mitigate CVE-2022-4340, it is recommended to update the BookingPress WordPress plugin to version 1.0.31 or higher.
What is the severity of CVE-2022-4340?
CVE-2022-4340 has a severity rating of 5.3 (Medium).
Is there any reference for CVE-2022-4340?
Yes, you can find more information about CVE-2022-4340 at the following link: https://wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/reputeinfosystems
- canonical/reputeinfosystems bookingpress