Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Online_booking_\&_scheduling_calendar_for_wordpress_by_vcita
(Vcita)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-03 | CVE-2023-2416 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | Online_booking_\&_scheduling_calendar_for_wordpress_by_vcita | 6.5 | ||
| 2023-06-03 | CVE-2023-2415 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | Online_booking_\&_scheduling_calendar_for_wordpress_by_vcita | 5.4 | ||
| 2023-09-04 | CVE-2023-39992 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions. | Online_booking_\&_scheduling_calendar_for_wordpress_by_vcita | 6.1 |