Lucene search
K

539 matches found

CVE
CVE
added 12 hours ago8 views

CVE-2026-9180

MotoPress Appointment Booking for WordPress (versions up to 2.4.4) is vulnerable to an Authorization Bypass via a user-controlled booking_id. The REST endpoint POST /motopress/appointment/v1/bookings is registered with a permissive permission_callback (return_true ), and createBooking() loads the...

5.3CVSS5.7AI score
Exploits0References6
Nuclei
Nuclei
added 13 hours ago29 views

TrueBooker <= 1.0.2 - SQL Injection

The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS6AI score0.03292EPSS
Exploits1References2
NVD
NVD
added 2 days ago8 views

CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-13454

CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40938

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-13454 MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
Patchstack
Patchstack
added 3 days ago5 views

WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability

Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 days ago5 views

WordPress Appointment Booking Calendar plugin <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by PRISM in WordPress Plugin Appointment Booking Calendar versions = 1.4.02...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:31 a.m.10 views

EUVD-2026-37980

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.28 views

CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 8:16 a.m.11 views

CVE-2026-12111

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 6:50 a.m.9 views

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/17 6:14 p.m.6 views

WordPress Appointment Booking Calendar plugin <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by ? in WordPress Plugin Appointment Booking Calendar versions = 1.4.01...

4.3CVSS5.3AI score0.00285EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2016-20084

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS5.3AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.34 views

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS0.00245EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS5.3AI score0.00245EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7089

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

5.3CVSS3.8AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder