{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T03:17:59.513","vulnerabilities":[{"cve":{"id":"CVE-2024-13821","sourceIdentifier":"security@wordfence.com","published":"2025-02-12T08:15:08.660","lastModified":"2025-02-25T19:37:29.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved."},{"lang":"es","value":"El complemento WP Booking Calendar para WordPress es vulnerable a la manipulación de reservas posteriores a la confirmación no autenticadas en todas las versiones hasta la 10.10 incluida. Esto se debe a que el complemento no requiere una nueva verificación después de que se haya realizado una reserva y se intente realizar un cambio. Esto hace posible que los atacantes no autenticados manipulen sus reservas confirmadas, incluso después de que hayan sido aprobadas."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wpbookingcalendar:booking_calendar:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"10.10.1","matchCriteriaId":"1127BA18-576E-4B4B-AF49-4F67A526FEB4"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3234469%40booking&new=3234469%40booking&sfp_email=&sfph_mail=#file20","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a0b961e-ccc3-4da0-b007-bbafa133a3a8?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}