WordPress Plugin Vulnerabilities

We’re Open! < 1.45 - Missing Authorization

Description

The plugin does not have authorisation in various AJAX actions, which could allow unauthenticated users to call them and perform unauthorised actions

Affects Plugins

Plugin icon
opening-hours
Fixed in 1.45

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
97760a6e-762b-41e8-b795-3a07edbc6971

Timeline

Publicly Published
2023-02-01 (about 3 years ago)
Added
2023-06-14 (about 2 years ago)
Last Updated
2023-06-14 (about 2 years ago)

Other

Published
Title
Published
2025-12-21
Title
Wappointment <=2.7.2 - Missing Authorization
Published
2024-12-11
Title
WPCargo Track & Trace <= 8.0.2 - Subscriber+ Settings Update
Published
2026-01-06
Title
Reviewify < 1.0.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation
Published
2024-01-30
Title
Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
Published
2025-09-03
Title
Classified Listing < 5.0.7 - Missing Authorization