CVE-2024-13821

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 12, 2025

Updated: Feb 25, 2025

CWE ID 285

Summary

CVE-2024-13821 is a vulnerability affecting the WP Booking Calendar plugin for WordPress. In versions up to 10.10, an unauthenticated attacker can manipulate confirmed bookings after they have been made and approved. This is due to the plugin's failure to require re-verification, allowing changes to be made without proper authorization. This vulnerability poses a significant risk to WordPress sites using the WP Booking Calendar plugin and should be addressed promptly by updating to the latest version or applying a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/29icxr
https://www.cve.org/CVERecord?id=CVE-2024-13821
https://nvd.nist.gov/vuln/detail/CVE-2024-13821

Back to Vulnerability Database

CVE-2024-13821

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations