CVE-2024-6175 Information

Description

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to and including 1.1.13. This makes it possible for authenticated attackers with Subscriber-level access and above to modify and delete. multiple plugin options and data such as payments pricing booking information business hours calendars profile information and email templates.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/0594ed62-0a41-4819-89b8-ea31afbcac73?source=cve https://wordpress.org/plugins/booking-ultra-pro/#description