Report
The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbs_save_calendar_data function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save calendar data.
Score: 4.3
Severity: Medium
Version: 2.0.19.2
There is a patch available in v2.0.19.3 and we strongly recommend you update to this version as soon as possible.
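
An added example, not code from the plugin or from this report: a small Python audit that lists `wp_ajax_*` callbacks whose body never calls `current_user_can()`, the kind of gap described above. It assumes the function is registered as a `wp_ajax_` action; the PHP sample, its hook names, `demo_guarded_handler` and the `manage_options` capability are constructed for illustration.

```python
import re

# Constructed sample, NOT the plugin's real source. The hook names, handler
# bodies, 'demo_guarded_handler' and the capability are all assumptions.
SAMPLE_PHP = r'''<?php
add_action( 'wp_ajax_wpbs_save_calendar_data', 'wpbs_save_calendar_data' );
add_action( 'wp_ajax_demo_guarded', 'demo_guarded_handler' );

function wpbs_save_calendar_data() {
    check_ajax_referer( 'demo_nonce', 'nonce' );   // nonce only: no authorization
    update_option( 'demo_calendar', wp_unslash( $_POST['data'] ) );
    wp_die();
}

function demo_guarded_handler() {
    check_ajax_referer( 'demo_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( -1, 403 );
    }
    wp_die();
}
'''

HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_ajax_\w+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the text between the braces of a top-level PHP function, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None  # method, closure, or defined in another file
    depth, i = 1, m.end()
    while i < len(src) and depth:  # naive brace matching; ignores braces in strings
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def unguarded_ajax_handlers(src):
    """List (hook, callback, has_nonce) for wp_ajax_* callbacks with no current_user_can()."""
    findings = []
    for hook, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        if body is not None and not re.search(r"\bcurrent_user_can\s*\(", body):
            has_nonce = bool(re.search(r"\b(check_ajax_referer|wp_verify_nonce)\s*\(", body))
            findings.append((hook, callback, has_nonce))
    return findings

if __name__ == "__main__":
    for hook, callback, has_nonce in unguarded_ajax_handlers(SAMPLE_PHP):
        print(f"{callback} ({hook}): no capability check, nonce check={has_nonce}")
```

A handler that verifies a nonce but no capability is still reported, since a nonce does not establish what the logged-in user is allowed to do.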