Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking calendar vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-1710
The Appointment Hour Booking WordPress plugin prior to 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Dwbooster Appointment Hour Booking
6.5
CVSSv2
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
7.5
CVSSv2
CVE-2022-24838
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out ...
Nextcloud Calendar
6.5
CVSSv2
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin prior to 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks
Elbtide Advanced Booking Calendar
4.3
CVSSv2
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin prior to 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Elbtide Advanced Booking Calendar
5
CVSSv2
CVE-2022-0709
The Booking Package WordPress plugin prior to 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnera...
Saasproject Booking Package
3.5
CVSSv2
CVE-2022-0834
The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows malicious users to inject arbitrary web sc...
Wpamelia Amelia
7.5
CVSSv2
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin prior to 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauth...
Elbtide Advanced Booking Calendar
3.5
CVSSv2
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin prior to 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Codepeople Wp Time Slots Booking Form
4.3
CVSSv2
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »