Booking Calendar | Appointment Booking | BookIt Security Vulnerabilities

CVE-2024-30531

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through...

CVE-2024-30531 WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through...

CVE-2024-1274

The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the...

CVE-2024-1274

The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the...

CVE-2024-1274 My Calendar < 3.4.24 - Authenticated Stored XSS

The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the...

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) Exploit

...

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

...

Online Hotel Booking In PHP 1.0 SQL Injection

...

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

[SECURITY] Fedora 38 Update: seamonkey-2.53.18.2-1.fc38

SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....

[SECURITY] Fedora 39 Update: seamonkey-2.53.18.2-1.fc39

SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....

[SECURITY] Fedora 40 Update: seamonkey-2.53.18.2-1.fc40

SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....

CVE-2024-30561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS.This issue affects Appointment Calendar: from n/a through...

CVE-2024-30561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS.This issue affects Appointment Calendar: from n/a through...

CVE-2024-30561 WordPress Appointment Calendar plugin <= 2.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS.This issue affects Appointment Calendar: from n/a through...

CVE-2024-31117

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through...

CVE-2024-31117

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through...

CVE-2024-31117 WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through...

CVE-2024-31115

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through...

CVE-2024-31115

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through...

CVE-2024-31115 WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through...

CVE-2024-31115 WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through...

CVE-2024-30449

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through...

CVE-2024-30449

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through...

CVE-2024-30449 WordPress Booking Activities plugin <= 1.15.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through...

CVE-2024-30508

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through...

CVE-2024-30508

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through...

CVE-2024-30508 WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through...

CVE-2024-30508 WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through...

CVE-2024-30510

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through...

CVE-2024-30510

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through...

CVE-2024-30427

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through...

CVE-2024-30427

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through...

CVE-2024-30510 WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through...

CVE-2024-30427 WordPress Spiffy Calendar plugin <= 4.9.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through...

Online Book System cart.php File SQL Injection Vulnerability

Online Book System is an online booking system. A SQL injection vulnerability exists in version 1.0 of the Online Book System due to a lack of validation of externally entered SQL statements in the quantity/remove parameter of the /cart.php file. An attacker can exploit this vulnerability to...

Online Book System index.php File SQL Injection Vulnerability

Online Book System is an online booking system. A SQL injection vulnerability exists in version 1.0 of Online Book System, which originates from a lack of validation of externally entered SQL statements in the username/password/login_username/login_password parameters of the /index.php file. An...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....

CVE-2024-2111

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-2111

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....

CVE-2024-2111

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-29776

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

CVE-2024-29776

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

CVE-2024-29776 WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

It's pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of.....

CVE-2023-52228

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through...

CVE-2023-52228

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through...