CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:saasproject:booking_package:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-04-04 09:15

Updated : 2022-04-11 10:56


NVD link : CVE-2022-0709

Mitre link : CVE-2022-0709


JSON object : View

Advertisement

dedicated server usa

Products Affected

saasproject

  • booking_package