Wpdevart

Booking Calendar

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2026-25435

  • EPSS 0.04%
  • Veröffentlicht 25.03.2026 16:14:49
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking Sy...

5.3

CVE-2025-67574

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 14:14:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: fro...

6.1

CVE-2024-12077

  • EPSS 1.91%
  • Veröffentlicht 07.01.2025 08:15:24
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sani...

6.5

CVE-2024-10856

  • EPSS 0.27%
  • Veröffentlicht 24.12.2024 11:15:07
  • Zuletzt bearbeitet 21.03.2025 18:50:57

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied param...

8.8

CVE-2023-24407

  • EPSS 0.17%
  • Veröffentlicht 09.12.2024 13:15:22
  • Zuletzt bearbeitet 21.03.2025 18:45:52

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2...

7.2

CVE-2024-9504

  • EPSS 0.49%
  • Veröffentlicht 26.11.2024 08:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This make...

9.8

CVE-2023-24373

  • EPSS 0.5%
  • Veröffentlicht 03.06.2024 22:15:09
  • Zuletzt bearbeitet 21.03.2025 18:43:53

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.

9.8

CVE-2022-47428

  • EPSS 0.21%
  • Veröffentlicht 06.11.2023 08:15:21
  • Zuletzt bearbeitet 21.11.2024 07:31:56

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a...

5.4

CVE-2022-47438

  • EPSS 0.18%
  • Veröffentlicht 29.03.2023 13:15:07
  • Zuletzt bearbeitet 21.11.2024 07:31:57

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.

5.4

CVE-2023-24388

  • EPSS 0.14%
  • Veröffentlicht 17.02.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 07:47:45

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).