Filtered by vendor Vcita
Subscribe
Filtered by product Online Booking \& Scheduling Calendar For Wordpress By Vcita
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39992 | 1 Vcita | 1 Online Booking \& Scheduling Calendar For Wordpress By Vcita | 2023-12-10 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions. | |||||
CVE-2023-2416 | 1 Vcita | 1 Online Booking \& Scheduling Calendar For Wordpress By Vcita | 2023-12-10 | N/A | 6.5 MEDIUM |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | |||||
CVE-2023-2415 | 1 Vcita | 1 Online Booking \& Scheduling Calendar For Wordpress By Vcita | 2023-12-10 | N/A | 5.4 MEDIUM |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. |