漏洞标题
N/A
漏洞描述信息
vcita WordPress插件提供的在线预订和排程日历由于4.2.10版本及以上版本的vcita_logout_callback函数中的nonce检查缺失,容易受到跨站点请求伪造(XSS)攻击。这可能导致未授权的关闭与vctia关联的账户,从而导致约会排程器拒绝服务,通过伪造请求,他们还可以欺骗网站用户执行操作,例如点击链接。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
漏洞类别
跨站请求伪造(CSRF)
漏洞标题
N/A
漏洞描述信息
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
漏洞类别
N/A
漏洞标题
WordPress Plugin Online Booking & Scheduling Calendar 跨站请求伪造漏洞
漏洞描述信息
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Online Booking & Scheduling Calendar 4.2.10及之前版本存在跨站请求伪造漏洞,该漏洞源于插件缺少对 vcita_logout_callback 函数的随机数检查,使未经身份验证的 vct
CVSS信息
N/A
漏洞类别
跨站请求伪造