vulnerability

WordPress Plugin: appointment-hour-booking: CVE-2023-45649: Missing Authorization

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 11, 2023
Added
May 15, 2025
Modified
May 15, 2025

Description

The Appointment Hour Booking plugin for WordPress is vulnerable to unauthorized double booking due to insufficient validation on the data_management() function in versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to make double bookings.

Solution

appointment-hour-booking-plugin-cve-2023-45649
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.