Wpdevart

Booking Calendar

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-67574

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 14:14:13
  • Zuletzt bearbeitet 09.12.2025 18:36:29

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: fro...

6.1

CVE-2024-12077

  • EPSS 0.94%
  • Veröffentlicht 07.01.2025 08:15:24
  • Zuletzt bearbeitet 07.01.2025 08:15:24

The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sani...

6.5

CVE-2024-10856

  • EPSS 0.08%
  • Veröffentlicht 24.12.2024 11:15:07
  • Zuletzt bearbeitet 21.03.2025 18:50:57

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied param...

8.8

CVE-2023-24407

  • EPSS 0.17%
  • Veröffentlicht 09.12.2024 13:15:22
  • Zuletzt bearbeitet 21.03.2025 18:45:52

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2...

7.2

CVE-2024-9504

  • EPSS 0.68%
  • Veröffentlicht 26.11.2024 08:15:08
  • Zuletzt bearbeitet 26.11.2024 08:15:08

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This make...

9.8

CVE-2023-24373

  • EPSS 0.5%
  • Veröffentlicht 03.06.2024 22:15:09
  • Zuletzt bearbeitet 21.03.2025 18:43:53

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.

9.8

CVE-2022-47428

  • EPSS 0.21%
  • Veröffentlicht 06.11.2023 08:15:21
  • Zuletzt bearbeitet 21.11.2024 07:31:56

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a...

5.4

CVE-2022-47438

  • EPSS 0.06%
  • Veröffentlicht 29.03.2023 13:15:07
  • Zuletzt bearbeitet 21.11.2024 07:31:57

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.

5.4

CVE-2023-24388

  • EPSS 0.06%
  • Veröffentlicht 17.02.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 07:47:45

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).

9.8

CVE-2022-3982

Exploit
  • EPSS 90.58%
  • Veröffentlicht 12.12.2022 18:15:12
  • Zuletzt bearbeitet 22.04.2025 15:16:02

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE