CVE-2019-15774 - The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of

CVE-2019-15774

Summary

The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

References

Vulnerable Configurations

cpe:2.3:a:booking_project:booking:-:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:-:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:booking_project:booking:2.4.2:*:*:*:*:wordpress:*:*

CVSS

Base:	5.8 (as of 04-09-2019 - 01:25)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

misc

Last major update

04-09-2019 - 01:25

Published

29-08-2019 - 12:15

Last modified

04-09-2019 - 01:25