Booking Security Vulnerabilities
6.8CVSS
6.7AI Score
0.001EPSS
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid...
7.2CVSS
7.6AI Score
0.001EPSS
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid...
7.2CVSS
7.5AI Score
0.001EPSS
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid...
4.8CVSS
4.9AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid...
8.7AI Score
0.001EPSS
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at...
6.1CVSS
6.2AI Score
0.001EPSS
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at...
8.8CVSS
9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations...
5.4CVSS
4.6AI Score
0.001EPSS
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.7AI Score
0.001EPSS
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email...
5.3CVSS
5.2AI Score
0.003EPSS
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected...
6.1CVSS
6.1AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at...
8CVSS
7.9AI Score
0.001EPSS
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at...
4.8CVSS
4.8AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack.....
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting....
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting....
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch....
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit_room_cat.php of the component Room Handler. The manipulation of the argument roomname leads to sql injection. The attack may be launched...
7.2CVSS
7.2AI Score
0.001EPSS
A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input...
7.2CVSS
7.3AI Score
0.001EPSS
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
9.8CVSS
9.9AI Score
0.731EPSS
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
8.8CVSS
9AI Score
0.001EPSS
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has...
9.8CVSS
9.8AI Score
0.005EPSS
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at...
5.4CVSS
5.3AI Score
0.001EPSS
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is...
4.8CVSS
4.7AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.9AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
6.5CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site...
6.1CVSS
6AI Score
0.001EPSS
Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST...
9.8CVSS
9.2AI Score
0.003EPSS
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST...
8.8CVSS
8.5AI Score
0.001EPSS
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in...
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.003EPSS
6.1CVSS
6.7AI Score
0.002EPSS
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_...
8.8CVSS
9AI Score
0.001EPSS
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at...
5.4CVSS
5.2AI Score
0.001EPSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP...
7.2CVSS
7AI Score
0.001EPSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS.....
6.5CVSS
6.1AI Score
0.001EPSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
4.8AI Score
0.001EPSS