ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability

Product
Appointments
Description
Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress Appointments plugin (versions <=2.2.1).
Solution
Update the WordPress Appointments plugin to the latest available version (at least 2.2.2).
Classification
Type Remote File Inclusion
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=2.2.1
Fixed In 2.2.2
Disclosure date
2017-10-03
Credits
Matt Barry (WordFence)
Submitter
ThreatPress