Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through...
8.8CVSS
8.2AI Score
0.001EPSS
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal...
8.8CVSS
8.6AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1...
4.8CVSS
5AI Score
0.0004EPSS
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager"...
8.8CVSS
8.6AI Score
0.001EPSS