CVE-2024-8797
- EPSS 0.34%
- Veröffentlicht 14.09.2024 06:15:10
- Zuletzt bearbeitet 27.09.2024 14:02:23
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. T...
CVE-2023-24402
- EPSS 0.12%
- Veröffentlicht 07.04.2023 09:15:07
- Zuletzt bearbeitet 21.11.2024 07:47:47
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.
CVE-2021-25061
- EPSS 1.26%
- Veröffentlicht 17.01.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:16
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.
CVE-2019-12239
- EPSS 0.13%
- Veröffentlicht 20.05.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:27
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2017-2168
- EPSS 0.59%
- Veröffentlicht 22.05.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.