CVE-2022-0709

Summary

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.

Affected Software

VendorProductVersion RangeStatus
UnknownBooking Package – Appointment Booking Calendar System1.5.29 < 1.5.29affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References