Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking calendar vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-50860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n...
Tms-outsource Amelia
8.8
CVSSv3
CVE-2023-50841
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Cal...
Reputeinfosystems Bookingpress
NA
CVE-2024-0856
The Appointment Booking Calendar WordPress plugin prior to 1.3.83 does not have CSRF checks in some places, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
NA
CVE-2023-51525
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a up to and including 2.0.8.4.
6.1
CVSSv3
CVE-2023-29427
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.
Tms-outsource Amelia
NA
CVE-2006-1422
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and previous versions allows remote malicious users to execute arbitrary SQL commands via the event_id parameter.
Jjwwebdesign Phpbookingcalendar
2 EDB exploits
5.4
CVSSv3
CVE-2021-24232
The Advanced Booking Calendar WordPress plugin prior to 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue
5.4
CVSSv3
CVE-2021-24225
The Advanced Booking Calendar WordPress plugin prior to 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue
6.4
CVSSv3
CVE-2024-4288
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output...
NA
CVE-2024-1760
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() fu...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »