WordPress Plugin Vulnerabilities

Booking Calendar < 2.2.3 - Parameters Tampering Allowing Arbitrary Prices Change

Description

The plugin allows remote attackers to manipulate the values to change data such as prices.

Affects Plugins

Plugin icon
booking-calendar
Fixed in 2.2.3

References

CVE
CVE-2018-10363
URL
https://gist.github.com/B0UG/68d3161af0c0ec85c615ca7452f9755e

Miscellaneous

Verified
No
WPVDB ID
e5f01e87-5224-43d9-8c18-7fd9403f462f

Timeline

Publicly Published
2018-06-07 (about 5 years ago)
Added
2019-08-24 (about 4 years ago)
Last Updated
2023-09-15 (about 8 months ago)

Other

Published
Title
Published
2014-08-01
Title
Wordpress 2.6.1 - SQL Column Truncation Admin Takeover
Published
2014-08-01
Title
Yoast SEO < 1.4.7 - Reset Settings Feature Access Restriction Bypass
Published
2024-03-25
Title
Real Media Library: Media Library Folder & File Manager < 4.22.8 - Contributor+ Stored XSS
Published
2015-12-10
Title
Link Log < 2.0 - HTTP Response Splitting
Published
2014-08-01
Title
Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection