52 matches found
WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of th...
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
EUVD-2021-11139
Malware in sbrugna...
EUVD-2022-48676
Malicious code in bioql PyPI...
EUVD-2022-48678
Malicious code in bioql PyPI...
EUVD-2022-15773
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2022-1006
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24225
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue...
WordPress Advanced Booking Calendar Plugin <= 3.2.11 is vulnerable to SQL Injection
Software: Advanced Booking Calendar; Type: Plugin; Vulnerable versions: <= 3.2.11; Fixed in: 3.2.12; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: cef456031167; Credits: N/A; Required privilege: Administrator; Published 3...
CVE-2022-45824
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
CVE-2022-45824
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
CVE-2022-45822
Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
CVE-2022-45822
Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
Sql injection
Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
CVE-2022-45824
CVE-2022-45824 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Advanced Booking Calendar, version 1.7.1 and earlier. Multiple sources confirm missing CSRF checks in certain areas, enabling an attacker to trick an authenticated user into performing unintended ac...
CVE-2022-45824 WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...
CVE-2022-45822
The CVE-2022-45822 entry concerns an unauthenticated SQL Injection in the WordPress plugin Advanced Booking Calendar up to version 1.7.1. The root cause, as documented in connected sources, is improper sanitisation/escaping of a parameter used in a SQL statement, enabling unauthenticated users t...