Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking calendar vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-24673
The Appointment Hour Booking WordPress plugin prior to 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Dwbooster Appointment Hour Booking
578
VMScore
CVE-2021-24726
The WP Simple Booking Calendar WordPress plugin prior to 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
Wpsimplebookingcalendar Wp Simple Booking Calendar
383
VMScore
CVE-2021-24429
The Salon booking system WordPress plugin prior to 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability...
Salonbookingsystem Salon Booking System
1 Github repository
312
VMScore
CVE-2021-24232
The Advanced Booking Calendar WordPress plugin prior to 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue
312
VMScore
CVE-2021-24225
The Advanced Booking Calendar WordPress plugin prior to 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue
355
VMScore
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Codepeople Appointment Booking Calendar
1 EDB exploit
685
VMScore
CVE-2020-9372
The Appointment Booking Calendar plugin prior to 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The at...
Codepeople Appointment Booking Calendar
1 EDB exploit
668
VMScore
CVE-2016-10916
The appointment-booking-calendar plugin prior to 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Codepeople Appointment Booking Calendar
668
VMScore
CVE-2016-10909
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has SQL injection.
Codepeople Booking Calendar Contact Form
383
VMScore
CVE-2017-18555
The booking-sms plugin prior to 1.1.0 for WordPress has XSS.
Mediaburst Booking Calendar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »