Lucene search

K

Appointment Calendar Security Vulnerabilities

cve
cve

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-14 05:15 AM
13
cve
cve

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through...

3.7CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
17
cve
cve

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-16 11:15 AM
25
cve
cve

CVE-2024-2342

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

9.3AI Score

0.0004EPSS

2024-04-09 07:15 PM
24
cve
cve

CVE-2024-2341

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on.....

8.8CVSS

9.3AI Score

0.0004EPSS

2024-04-09 07:15 PM
29
cve
cve

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to.....

7.2CVSS

9.6AI Score

0.0004EPSS

2024-04-04 02:15 AM
29
cve
cve

CVE-2024-30561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS.This issue affects Appointment Calendar: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-31 08:15 PM
28
cve
cve

CVE-2024-0856

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without...

6.7AI Score

0.0004EPSS

2024-03-20 05:15 AM
35
cve
cve

CVE-2024-1760

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-03-06 06:15 AM
32
cve
cve

CVE-2023-51354

Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through...

8.8CVSS

8.6AI Score

0.001EPSS

2023-12-29 01:15 PM
21
cve
cve

CVE-2023-50841

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling...

8.8CVSS

9AI Score

0.001EPSS

2023-12-28 07:15 PM
21
cve
cve

CVE-2023-50852

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through...

7.6CVSS

7.5AI Score

0.001EPSS

2023-12-28 12:15 PM
18
cve
cve

CVE-2023-50851

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before.....

7.6CVSS

7.5AI Score

0.001EPSS

2023-12-28 12:15 PM
21
cve
cve

CVE-2023-36507

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through...

5.3CVSS

5.2AI Score

0.0005EPSS

2023-11-30 04:15 PM
6
cve
cve

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or...

7.2CVSS

7.4AI Score

0.001EPSS

2023-11-28 03:15 AM
53
cve
cve

CVE-2022-47428

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through...

9.8CVSS

9.7AI Score

0.001EPSS

2023-11-06 08:15 AM
7
cve
cve

CVE-2023-46198

Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-25 06:17 PM
11
cve
cve

CVE-2023-2834

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS

9.5AI Score

0.002EPSS

2023-06-30 02:15 AM
15
cve
cve

CVE-2023-27918

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious...

6.1CVSS

6.2AI Score

0.002EPSS

2023-05-10 06:15 AM
19
cve
cve

CVE-2015-10099

A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to...

9.8CVSS

9.8AI Score

0.002EPSS

2023-04-10 12:15 PM
22
cve
cve

CVE-2022-47438

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3...

5.9CVSS

5.2AI Score

0.001EPSS

2023-03-29 01:15 PM
21
cve
cve

CVE-2023-24388

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit,...

5.4CVSS

5.5AI Score

0.0005EPSS

2023-02-17 03:15 PM
17
cve
cve

CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve...

9.8CVSS

9.6AI Score

0.236EPSS

2022-12-12 06:15 PM
37
cve
cve

CVE-2022-43482

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on...

8.8CVSS

8.6AI Score

0.001EPSS

2022-11-18 08:15 PM
30
8
cve
cve

CVE-2022-1710

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is...

4.8CVSS

4.7AI Score

0.001EPSS

2022-06-13 01:15 PM
49
5
cve
cve

CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure...

7.5CVSS

7.4AI Score

0.002EPSS

2022-04-04 04:15 PM
54
cve
cve

CVE-2021-20840

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2021-11-24 04:15 PM
23
cve
cve

CVE-2021-24673

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8CVSS

4.6AI Score

0.001EPSS

2021-10-04 12:15 PM
15
cve
cve

CVE-2020-9372

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve....

7.8CVSS

8AI Score

0.011EPSS

2020-03-04 07:15 PM
104
cve
cve

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or...

4.8CVSS

5AI Score

0.004EPSS

2020-03-04 07:15 PM
107
2
cve
cve

CVE-2016-10916

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than...

9.8CVSS

9.5AI Score

0.001EPSS

2019-08-22 01:15 PM
22
cve
cve

CVE-2019-14791

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea...

6.1CVSS

6AI Score

0.001EPSS

2019-08-09 02:15 PM
27
cve
cve

CVE-2015-7320

Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.003EPSS

2015-09-29 07:59 PM
25
cve
cve

CVE-2015-7319

SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the...

9.8AI Score

0.001EPSS

2015-09-29 07:59 PM
26