{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T17:48:31.604","vulnerabilities":[{"cve":{"id":"CVE-2024-7350","sourceIdentifier":"security@wordfence.com","published":"2024-08-08T03:15:34.800","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email.  This is only exploitable when the 'Auto login user after successful booking' setting is enabled."},{"lang":"es","value":"El complemento Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress  para WordPress es vulnerable a la omisión de autenticación en las versiones 1.1.6 a 1.1.7. Esto se debe a que el complemento no verifica adecuadamente la identidad del usuario antes de iniciar sesión al completar una reserva. Esto hace posible que atacantes no autenticados inicien sesión como usuarios registrados, incluidos administradores, si tienen acceso al correo electrónico de ese usuario. Esto solo se puede explotar cuando la configuración \"Inicio de sesión automático de usuario después de una reserva exitosa\" está habilitada."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php#L339","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3130266/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=cve","source":"security@wordfence.com"}]}}]}