Access violation vulnerability in Booking Package 1.5.99

In certain versions of the Booking Package plugin for WordPress, unauthenticated attackers can reset the email and password of any user on the site if they know the username. This is possible because the ‘updateUser’ function lacks sufficient protection. Only sites that have an active premium subscription are affected.

Detected in:

Booking Package – Appointment Booking Calendar System (fixed). Vulnerable versions: >= * < 1.5.99
Booking Package – Online Booking System (fixed). Vulnerable versions:

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

The version comparison shows which versions are vulnerable. For example, >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
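
The range notation above can be checked against an installed plugin version with a short script. This is an added example, not code from wpvulnerability.com or the plugin; treating `*` as "no bound on that side" is an assumption about the notation, and the version numbers in the demo are constructed.

```python
import re

# One comparator: an operator followed by a version or the "*" wildcard.
_COMPARATOR = re.compile(r"(>=|<=|>|<|=)\s*(\*|\d+(?:\.\d+)*)")

def parse_version(text):
    """Turn '1.5.99' into (1, 5, 99) so segments compare as numbers, not text."""
    return tuple(int(part) for part in text.split("."))

def _compare(a, b):
    """Return -1, 0 or 1 after padding the shorter version with zeros."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def parse_range(expr):
    """Split a range such as '>= 2.2.8 <= 2.2.21' into (operator, version) pairs."""
    pairs = _COMPARATOR.findall(expr)
    leftover = _COMPARATOR.sub("", expr).strip()
    if not pairs or leftover:
        raise ValueError(f"unrecognised version range: {expr!r}")
    return pairs

def is_affected(installed, expr):
    """True when the installed version satisfies every comparator in the range."""
    current = parse_version(installed)
    for op, bound in parse_range(expr):
        if bound == "*":
            continue  # assumption: "*" means "no bound on this side"
        order = _compare(current, parse_version(bound))
        ok = {">=": order >= 0, "<=": order <= 0, ">": order > 0,
              "<": order < 0, "=": order == 0}[op]
        if not ok:
            return False
    return True

if __name__ == "__main__":
    # Constructed installed versions, checked against the range listed on this page.
    for version in ("1.5.98", "1.5.99", "1.5.100", "1.4"):
        print(version, is_affected(version, ">= * < 1.5.99"))
```

Comparing segments as integers matters here: a plain string comparison would rank 1.5.100 below 1.5.99 and wrongly flag it as vulnerable.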
