Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking calendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51520
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a prior to 9.7.4.
Wpbookingcalendar Booking Calendar
NA
CVE-2024-1207
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara...
Wpbookingcalendar Booking Calendar
NA
CVE-2023-4620
The Booking Calendar WordPress plugin prior to 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators
Wpbookingcalendar Booking Calendar
NA
CVE-2022-43482
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Codepeople Appointment Booking Calendar
3.5
CVSSv2
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Codepeople Appointment Booking Calendar
1 EDB exploit
6.8
CVSSv2
CVE-2020-9372
The Appointment Booking Calendar plugin prior to 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The at...
Codepeople Appointment Booking Calendar
1 EDB exploit
6.5
CVSSv2
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin prior to 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks
Elbtide Advanced Booking Calendar
5
CVSSv2
CVE-2018-10363
An issue exists in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote malicious users to manipulate the values to change data such as prices.
Wpdevart Booking Calendar 2.2.2
7.5
CVSSv2
CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Codepeople Appointment Booking Calendar
4.3
CVSSv2
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »