WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts....
7.1CVSS
6AI Score
0.0004EPSS
WP Time Slots Booking Form < 1.2.12 - Missing Authorization
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the data_management() function in versions up to, and including, 1.2.11. This makes it possible for unauthenticated attackers to view slot...
9.8CVSS
6.6AI Score
0.001EPSS
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.0004EPSS
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.0004EPSS
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
7.8CVSS
8AI Score
0.001EPSS
Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.0004EPSS
Salon booking system < 10.0 - Missing Authorization
Description The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...
4.3CVSS
6.4AI Score
0.001EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
9.8CVSS
5.4AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
5.3CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
5.3CVSS
0.001EPSS
Description The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible...
6.4CVSS
5.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
8.3AI Score
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
7.5CVSS
7.6AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
7.5CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...
7.1CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...
7.1CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
4.3CVSS
4.2AI Score
0.001EPSS
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
4.3CVSS
0.001EPSS
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
4.3CVSS
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.6AI Score
EPSS
WP Booking < 2.4.5 - Authenticated Stored Cross-Site Scripting
Description The WP Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will....
5.7AI Score
0.0004EPSS
Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
4.3CVSS
4.5AI Score
0.0004EPSS
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to...
6.6AI Score
0.0004EPSS
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved. PoC 1. Open the Wordpress where the plugin is installed with default...
6.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-30528 WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
CVE-2023-38520 WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
9.5AI Score
0.0004EPSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
7.1AI Score
0.0004EPSS
CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
9.5AI Score
0.0004EPSS
CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS