CVE-2024-12558 – WordPress WP BASE Booking Unauthenticated Database Access Vulnerability

12月 21, 2024
11:16 am

CVE ID : CVE-2024-12558

Published : Dec. 21, 2024, 10:15 a.m. | 1 hour, 1 minute ago

Description : The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12558 – WordPress WP BASE Booking Unauthenticated Database Access Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12875 – Easy Digital Downloads WordPress Directory Traversal Vulnerability

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-11688 – WordPress LaTeX2HTML Reflected Cross-Site Scripting

CVE-2024-11722 – WordPress DynamiApps Frontend Admin SQL Injection

CVE-2024-12408 – “Amazon Web Services (AWS) WordPress Reflected Cross-Site Scripting (XSS)”