{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5071","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-05-17T14:55:43.858Z","datePublished":"2024-06-26T06:00:04.151Z","dateUpdated":"2024-10-28T20:13:18.059Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-06-26T06:00:04.151Z"},"title":"Bookster <= 1.1.0 - Unauthenticated Appointment Status Update","problemTypes":[{"descriptions":[{"description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Bookster ","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"1.1.0"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"The Bookster WordPress plugin through 1.1.0 allows sensitive parameters to be added when validating appointments, which lets attackers manipulate the data sent when booking an appointment (the request body) and change its status from pending to approved."}],"references":[{"url":"https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Roshan Cheriyan","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-26T23:12:00.693838Z","id":"CVE-2024-5071","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-28T20:13:18.059Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:03:10.655Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/07b293cf-5174-45de-8606-a782a96a35b3/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}