Arbitrary Data Manipulation in WpDevArt Booking Calendar Plugin

Arbitrary Data Manipulation in WpDevArt Booking Calendar Plugin

CVE-2018-10363 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.

Learn more about our Wordpress Pen Testing.