CVE-2024-9872
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-9872 is a vulnerability affecting the Online Booking & Scheduling Calendar plugin for WordPress by vcita. In versions up to 4.5.1, the vcita_save_user_data_callback() function lacks appropriate capability checks. This oversight lets authenticated attackers with Subscriber-level access and above modify data without authorization, including injecting malicious web scripts and updating settings. Such actions could lead to serious security consequences, such as site takeover or data theft. Users should update the vcita plugin to the latest version as soon as possible to mitigate this issue.
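For defenders auditing plugin code for the same bug class, the following added example (not code from the vcita plugin or from this advisory) flags PHP functions that write WordPress state without calling current_user_can(). The sample PHP and its `demo_*` function names are constructed for illustration, and the brace matching is a heuristic that ignores braces inside strings and comments.

```python
import re

# Constructed sample: two hypothetical callbacks, not the plugin's real code.
SAMPLE_PHP = r"""<?php
function demo_save_user_data_callback() {
    // any logged-in user, including a Subscriber, reaches the write below
    update_option('demo_settings', $_POST['data']);
    wp_send_json_success();
}
function demo_save_settings_callback() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'demo_save' );
    update_option('demo_settings', sanitize_text_field( wp_unslash( $_POST['data'] ) ));
    wp_send_json_success();
}
"""

FUNC_RE = re.compile(r'function\s+(\w+)\s*\([^)]*\)\s*\{')
CAP_RE = re.compile(r'\bcurrent_user_can\s*\(')
# WordPress core functions that persist or delete stored data.
WRITE_RE = re.compile(
    r'\b(update_option|delete_option|update_user_meta|update_post_meta)\s*\(')

def function_bodies(php):
    """Yield (name, body) for each named function, using brace matching."""
    for m in FUNC_RE.finditer(php):
        depth, i = 1, m.end()
        while i < len(php) and depth:
            depth += {'{': 1, '}': -1}.get(php[i], 0)
            i += 1
        yield m.group(1), php[m.end():i - 1]

def unguarded_writers(php):
    """Names of functions that write state with no current_user_can() call."""
    return [name for name, body in function_bodies(php)
            if WRITE_RE.search(body) and not CAP_RE.search(body)]

if __name__ == "__main__":
    for name in unguarded_writers(SAMPLE_PHP):
        print("no capability check before write:", name)
```

A hit is a lead for manual review, not a verdict: a handler may delegate its capability check to a helper function, which this scan does not follow.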