CVE-2026-39663
- EPSS 0.02%
- Veröffentlicht 08.04.2026 08:30:37
- Zuletzt bearbeitet 13.04.2026 19:16:48
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.
CVE-2026-1797
- EPSS 0.04%
- Veröffentlicht 31.03.2026 05:16:10
- Zuletzt bearbeitet 01.04.2026 14:24:02
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers t...
CVE-2025-67581
- EPSS 0.05%
- Veröffentlicht 09.12.2025 14:14:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.
CVE-2025-47543
- EPSS 0.05%
- Veröffentlicht 07.05.2025 14:20:15
- Zuletzt bearbeitet 01.04.2026 17:24:01
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
CVE-2024-6924
- EPSS 76.51%
- Veröffentlicht 08.09.2024 06:15:02
- Zuletzt bearbeitet 11.09.2024 16:15:30
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVE-2024-6925
- EPSS 0.17%
- Veröffentlicht 08.09.2024 06:15:02
- Zuletzt bearbeitet 11.09.2024 16:12:24
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.