Vulnerability Description
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Startbooking | Scheduling Plugin | <= 3.5.10 |
Related Weaknesses (CWE)
References
- https://wordpress.org/plugins/calendar-booking/Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49Third Party Advisory
- https://wordpress.org/plugins/calendar-booking/Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49Third Party Advisory
FAQ
What is CVE-2024-1634?
CVE-2024-1634 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all...
How severe is CVE-2024-1634?
CVE-2024-1634 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1634?
Check the references section above for vendor advisories and patch information. Affected products include: Startbooking Scheduling Plugin.