CVE-2022-43482: WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability - Patchstack
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Monitoring: Not reported to be exploited
Vulnerable versions
<= 1.3.69
PSID
f42d72f1e6b9
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-10-30
Details
A Missing Authorization vulnerability leading to Feedback Submission was discovered by Lana Codes (Patchstack Alliance) in the WordPress Appointment Booking Calendar plugin (versions <= 1.3.69).
Solution
Update the WordPress Appointment Booking Calendar plugin to the latest available version (at least 1.3.70).