Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through...
8.8CVSS
6.8AI Score
0.0004EPSS
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to...
5.4CVSS
5.4AI Score
0.0004EPSS
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary...
5.4CVSS
5.5AI Score
0.0004EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01...
7.1CVSS
6AI Score
0.0005EPSS
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure...
7.5CVSS
7.4AI Score
0.002EPSS
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified...
6.1CVSS
6AI Score
0.002EPSS