CVE-2024-12274

High CVSS: 7.5

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).

Vendor

Codepeople

Product

Appointment Booking Calendar

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-01-13 06:15:10

Güncelleme

2025-05-08 19:37:55

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo Appointment Booking Calendar HIGH Codepeople 2025

Referanslar

https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/

Benzer Kayıtlar

High

CVE-2025-49291

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross…

Medium

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow hi…

Medium

CVE-2024-8851

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow hi…

Medium

CVE-2024-13382

The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could…

Medium

CVE-2024-13381

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could…

Low

CVE-2024-12273

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could…