CVE-2024-7129

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*

History

27 Sep 2024, 18:26

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/ -~~	() https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/ - Exploit, Third Party Advisory
CPE		cpe:2.3:a:nsqua:simply_schedule_appointments::::::wordpress::*
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 7.2
First Time		Nsqua Nsqua simply Schedule Appointments

13 Sep 2024, 14:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-13 06:15

Updated : 2024-09-27 18:26

NVD link : CVE-2024-7129

Mitre link : CVE-2024-7129

CVE.ORG link : CVE-2024-7129

JSON object : View

Products Affected

nsqua

simply_schedule_appointments

CWE

NVD-CWE-Other

{"id": "CVE-2024-7129", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-13T06:15:15.507", "references": [{"url": "https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins"}, {"lang": "es", "value": "El complemento Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking de WordPress anterior a la versi\u00f3n 1.6.7.43 no escapa a la sintaxis de plantilla proporcionada a trav\u00e9s de la entrada del usuario, lo que genera una inyecci\u00f3n de plantilla Twig que, si se explota a\u00fan m\u00e1s, puede dar como resultado la ejecuci\u00f3n remota de c\u00f3digo por parte de personas con altos privilegios, como los administradores."}], "lastModified": "2024-09-27T18:26:27.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D1C877E3-52DA-428B-8F78-5DAD3B812B36", "versionEndExcluding": "1.6.7.43"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}