CVE-2024-13821
- EPSS 0.09%
- Published 12.02.2025 08:15:08
- Last modified 25.02.2025 19:37:29
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has bee...
CVE-2024-6930
- EPSS 0.25%
- Published 24.07.2024 08:15:03
- Last modified 21.11.2024 09:50:34
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and outpu...
CVE-2024-1207
- EPSS 75.58%
- Published 08.02.2024 09:15:46
- Last modified 21.11.2024 08:50:02
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack o...
CVE-2023-51520
- EPSS 0.08%
- Published 01.02.2024 12:15:54
- Last modified 21.11.2024 08:38:17
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS. This issue affects WP Booking Calendar: from n/a before 9.7.4.
CVE-2023-4620
- EPSS 1.11%
- Published 16.10.2023 09:15:11
- Last modified 02.05.2025 18:15:25
The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking form data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators.
CVE-2022-33177
- EPSS 0.1%
- Published 06.09.2022 18:15:15
- Last modified 21.11.2024 07:07:39
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update.