Medium severity6.5NVD Advisory· Published Dec 21, 2024· Updated Apr 15, 2026

CVE-2024-12558

Description

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.

Affected products

WordPress/Wp Base Booking Of Appointments Services And Eventsinferred
Range: <=4.9.2
Package: https://wordpress.org/plugins/wp-base-booking-of-appointments-services-and-events

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/wp-base-booking-of-appointments-services-and-events/tags/4.9.2/includes/freeons/export-import.phpnvd
plugins.trac.wordpress.org/changeset/3210164/wp-base-booking-of-appointments-services-and-events/tags/5.0.0/includes/freeons/export-import.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/09831b2f-8f79-4833-8fc6-f1af56c6abc8nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.030
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000