Arbitrary Data Manipulation in WpDevArt Booking Calendar Plugin
CVE-2018-10363 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.
Learn more about our Wordpress Pen Testing.