Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking calendar vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
7.5
CVSSv2
CVE-2022-24838
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out ...
Nextcloud Calendar
4.3
CVSSv2
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin prior to 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Elbtide Advanced Booking Calendar
6.5
CVSSv2
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin prior to 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks
Elbtide Advanced Booking Calendar
5
CVSSv2
CVE-2022-0709
The Booking Package WordPress plugin prior to 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnera...
Saasproject Booking Package
3.5
CVSSv2
CVE-2022-0834
The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows malicious users to inject arbitrary web sc...
Wpamelia Amelia
7.5
CVSSv2
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin prior to 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauth...
Elbtide Advanced Booking Calendar
3.5
CVSSv2
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin prior to 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Codepeople Wp Time Slots Booking Form
4.3
CVSSv2
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
4.3
CVSSv2
CVE-2021-20840
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions before 1.5.11 allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Saasproject Booking Package
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »