Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
booking vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-46816
Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions.
Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin
Bookingultrapro Booking Ultra Pro Appointments Booking Calendar
6.1
CVSSv3
CVE-2019-15774
The nd-booking plugin prior to 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Booking Project Booking
4.8
CVSSv3
CVE-2021-36847
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.
Webba-booking Webba Booking
4.3
CVSSv3
CVE-2024-8432
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possib...
Webba-booking Webba Booking
8.8
CVSSv3
CVE-2023-51354
Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a up to and including 4.5.33.
Webba-booking Webba Booking
6.5
CVSSv2
CVE-2014-3210
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin prior to 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
Dotonpaper Booking System
Dotonpaper Booking System 1.0
Dotonpaper Booking System 1.1
1 EDB exploit
8.8
CVSSv3
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
6.1
CVSSv3
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
6.1
CVSSv3
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Booking Calendar Project Booking Calendar
5.3
CVSSv3
CVE-2017-2150
Directory traversal vulnerability in Booking Calendar version 7.0 and previous versions allows remote malicious users to read arbitrary files via specially crafted captcha_chalange parameter.
Booking Calendar Project Booking Calendar
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »