mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
78 lines
2.6 KiB
JSON
78 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2022-4340",
|
|
"sourceIdentifier": "contact@wpscan.com",
|
|
"published": "2023-01-02T22:15:17.127",
|
|
"lastModified": "2024-11-21T07:35:05.203",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El complemento BookingPress de WordPress anterior a la versi\u00f3n 1.0.31 sufre una vulnerabilidad de Insecure Direct Object Reference (IDOR) en su p\u00e1gina de agradecimiento, lo que permite a cualquier visitante mostrar informaci\u00f3n sobre cualquier reserva, incluido el nombre completo, la fecha, la hora y el servicio reservado, manipulando el id de cita. par\u00e1metro de consulta."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*",
|
|
"versionEndExcluding": "1.0.31",
|
|
"matchCriteriaId": "0CE958CD-4171-43CE-955B-CA0931C93B44"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7",
|
|
"source": "contact@wpscan.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://wpscan.com/vulnerability/8a7bd9f6-2789-474b-a237-01c643fdfba7",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |