CVE-2025-13318
- EPSS 0.18%
- Veröffentlicht 22.11.2025 08:30:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` ...
CVE-2025-48231
- EPSS 0.05%
- Veröffentlicht 04.07.2025 11:18:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a ...
CVE-2025-24723
- EPSS 0.1%
- Veröffentlicht 24.01.2025 18:15:46
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a ...
CVE-2023-25037
- EPSS 0.16%
- Veröffentlicht 09.12.2024 13:15:22
- Zuletzt bearbeitet 15.04.2026 00:35:42
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
CVE-2016-10908
- EPSS 0.19%
- Veröffentlicht 21.08.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 02:45:02
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
CVE-2016-10909
- EPSS 0.51%
- Veröffentlicht 21.08.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 02:45:02
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.