[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX19VppZlavFK794xll-XvbYOBO12-bY99cDwUEdBI8g":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-37389","booking-package-authorization-bypass-to-arbitrary-password-reset","Booking Package \u003C= 1.5.98 - Authorization Bypass to Arbitrary Password Reset","The Booking Package plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including 1.5.98 due to missing validation in the 'updateUser' function. This allows unauthenticated attackers to reset the email and password of any user on the site if they know the username. Note that only sites that have an active premium subscription are vulnerable.","booking-package",null,"\u003C1.5.99","1.5.99","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Authorization Bypass Through User-Controlled Key","2023-07-05 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F65166432-a877-4070-94c1-cdaf7e5d7586?source=api-prod",202]