What the vulnerability does
Description
Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar. This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
WP Simple Booking Calendar versions 2.0.13 and earlier lack proper authorization checks, allowing authenticated users to read sensitive data they should not access. An attacker with a low-privilege account can view confidential information without additional interaction. Update to a version newer than 2.0.13 to resolve this issue.
What an attacker can do
Read sensitive data from the booking calendar that should be restricted to higher-privilege users.
Potential impact on your site
Booking data, customer information, or other confidential calendar details may be exposed to low-privilege users.
Conditions required to exploit
Attacker must have a low-privilege account on the WordPress site (e.g., subscriber or contributor role).