cleantalk
Vulnerabilities and Security Researches

Booking Package, e7eb5243d3af9fd38973f7d59bebc6d698472b0b

CVE, Research URL

e7eb5243d3af9fd38973f7d59bebc6d698472b0b

Home page URL

Security reports for Booking Package

Application

Booking Package

Published on
Jul 05, 2023
Research Description
Booking Package [booking-package] < 1.5.99 Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset The Booking Package plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including 1.5.98 due to missing validation in the 'updateUser' function. This allows unauthenticated attackers to reset the email and password of any user on the site if they know the username. Note that only sites that have an active premium subscription are vulnerable.
Affected versions
max 1.5.99.
Status
vulnerable
Previous vulnerability researches
BP Group Documents (8baef861c378b15eb8c204ede505bfadd5814db1) , Jun 07, 2024
BP Group Documents (6680bcfa-bc62-472f-8f56-22c84276297d) , Jun 16, 2026
BP Group Documents (5063acc729c4a8181d4837a67fa533b9338c53d7) , Jun 16, 2026
BP Group Documents (98d70764-8d00-4faa-8b52-89a1c27dc69e) , Jun 16, 2026
BP Group Documents (51acb6f4-f861-44b2-bf18-40ce0e63b92f) , Jun 16, 2026
New vulnerability
Request a Quote (359a61d5705c479c547aeae7536b6ad5e6d3b1c8) , Jun 16, 2026
Request a Quote (6eba2aa8fd71d4ea7dd969e0a5b52e3f1366a2fa) , Jun 16, 2026
Request a Quote (4bc92bf8b452fa0f54703c576853e3a3e56157bd) , Jun 16, 2026
Request a Quote (5e7ad671f8a77a469a90b6a2aae807bbb1bc5199) , Jun 16, 2026
WP Tools Divi Product Carousel (d2857175794c39e5c1d58063dbe17bd1f0436931) , Jun 16, 2026