VYPR

vcita

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-2416MedJun 3, 2023
    risk 0.28cvss 5.4epss 0.00

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This makes it possible for unauthenticated…

  • CVE-2023-2299MedJun 3, 2023
    risk 0.28cvss 5.3epss 0.01

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on…