CodePeople Appointment Hour Booking Missing Authorization Vulnerability Allowing Broken Access Control

A broken access control vulnerability has been identified in the CodePeople Appointment Hour Booking WordPress plugin, affecting versions through 1.4.23. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized users gaining access to restricted functionalities or data, potentially allowing them to perform actions that should be reserved for users with higher privileges.

Remediation

Users of the CodePeople Appointment Hour Booking WordPress plugin should update to version 1.4.24 or later to address this vulnerability.