WordPress Plugin Vulnerabilities

BookIt <= 2.4.0 - Price Bypass

Description

The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to Price Bypass in versions up to and including 2.4.0. This makes it possible for site owners to make use of premium plugin features without paying. Note that this does not meaningfully negatively impact site owners themselves.

Affects Plugins

Plugin icon
bookit
Fixed in 2.4.1

References

CVE
CVE-2024-24715
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9938c7d-ef0d-45a2-900f-ac8bda9ce75a

Miscellaneous

Original Researcher
Debangshu Kundu, Arpeet Rathi
Verified
No
WPVDB ID
4907bf42-98f4-443f-a48f-4aae9a9b04ec

Timeline

Publicly Published
2024-01-31 (about 2 years ago)
Added
2024-02-06 (about 2 years ago)
Last Updated
2024-02-06 (about 2 years ago)

Other

Published
Title
Published
2018-05-10
Title
BBE Theme < 1.53 - Direct Object Reference
Published
2025-09-25
Title
Banhammer < 3.4.9 - Unauthenticated Protection Mechanism Bypass
Published
2015-04-17
Title
Mashshare <= 2.3.0 - Information Disclosure
Published
2020-10-02
Title
WordPress + Microsoft Office 365 < 11.7 - JWT Signature Verification Bypass
Published
2022-05-18
Title
HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure