CVE-2018-10363

HIGH

WpDevArt Booking calendar <2.2.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0137
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
wpdevart/booking_calendar 2.2.2
Published Jun 13, 2018
Tracked Since Feb 18, 2026