cve/2024/CVE-2024-5071.md

### [CVE-2024-5071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5071)
![](https://img.shields.io/static/v1?label=Product&message=Bookster%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)

### Description

The Bookster  WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.

### POC

#### Reference
- https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`### [CVE-2024-5071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5071)`
			`![](https://img.shields.io/static/v1?label=Product&message=Bookster%20&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)`

			`### Description`

			`The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/`

			`#### Github`
			`No PoCs found on GitHub currently.`