What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through <= 3.2.26.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through <= 3.2.26.
Explanation of Vulnerability in Simple Terms
AweBooking versions up to 3.2.26 expose sensitive information to authenticated users. A logged-in attacker can read data they should not have access to, such as other users' booking details or system configuration. The vulnerability requires a valid user account but no additional user interaction. Update to a version newer than 3.2.26.
What an attacker can do
Read sensitive data belonging to other users or the system that should be restricted.
Potential impact on your site
User privacy is at risk; booking data and other sensitive information may be exposed to any authenticated user.
Conditions required to exploit
Attacker must have a valid user account on the site; no special privileges required.
Key dates
External resources
Related vulnerabilities