CVE-2022-0709

CVE-2022-0709: Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

Vendor Unknown
Product Booking Package – Appointment Booking Calendar System
Weakness CWE-200 · Info exposure
Published April 4, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.

Key dates

02Disclosure timeline

April 4, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE