CVE-2024-2844
published 2024-03-29CVE-2024-2844: The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the…
PriorityP422medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.43%
34.8th percentile
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easy-appointments | easy_appointments | < 3.11.19 | 3.11.19 |
| easyappointments | easy_appointments | <= 3.11.18 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vp3-qj4j-9chv: The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_a
ghsa_unreviewed·2024-03-29
CVE-2024-2844 [MEDIUM] CWE-862 GHSA-2vp3-qj4j-9chv: The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_a
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.
Red Hat
kernel: io_uring: fix error pbuf checking
vendor_redhat·2024-08-08·CVSS 5.5
CVE-2024-42254 [MEDIUM] kernel: io_uring: fix error pbuf checking
kernel: io_uring: fix error pbuf checking
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix error pbuf checking
Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent
error handling in io_alloc_pbuf_ring().
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341
Call Trace:
io_put_bl io_uring/kbuf.c:378 [inline]
io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392
io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613
io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
kthread+0x2f0/0x390 kernel/kthread.c:3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/src/ajax.php#L380https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059359%40easy-appointments&new=3059359%40easy-appointments&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d8ac01-ac73-47ea-839b-edc820436f27?source=cvehttps://plugins.trac.wordpress.org/browser/easy-appointments/trunk/src/ajax.php#L380https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059359%40easy-appointments&new=3059359%40easy-appointments&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d8ac01-ac73-47ea-839b-edc820436f27?source=cve
2024-03-29
Published