Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
appointment booking calendar vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-47438
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
Wpdevart Booking Calendar
5.4
CVSSv3
CVE-2023-24388
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
Wpdevart Booking Calendar
9.8
CVSSv3
CVE-2022-3982
The Booking calendar, Appointment Booking System WordPress plugin prior to 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
Wpdevart Booking Calendar
7.5
CVSSv3
CVE-2018-10363
An issue exists in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote malicious users to manipulate the values to change data such as prices.
Wpdevart Booking Calendar 2.2.2
5.4
CVSSv3
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for...
Vcita Online Booking \\& Scheduling Calendar For Wordpress By Vcita
6.5
CVSSv3
CVE-2023-2416
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthentic...
Vcita Online Booking \\& Scheduling Calendar For Wordpress By Vcita
8.8
CVSSv3
CVE-2023-51354
Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a up to and including 4.5.33.
Webba-booking Webba Booking
6.1
CVSSv3
CVE-2021-20840
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions before 1.5.11 allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Saasproject Booking Package
9.8
CVSSv3
CVE-2022-24838
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out ...
Nextcloud Calendar
6.1
CVSSv3
CVE-2021-24429
The Salon booking system WordPress plugin prior to 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability...
Salonbookingsystem Salon Booking System
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »