Unrated severityNVD Advisory· Published Apr 4, 2022· Updated Aug 2, 2024
Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure
CVE-2022-0709
Description
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Booking Package WordPress plugindescription
- Range: <1.5.29
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/3cd1d8d2-d2a4-45a9-9b5f-c2a56f08be85mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.