46 matches found
CVE-2026-24371
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...
CVE-2026-24371 WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...
CVE-2026-24371 WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...
WordPress plugin BA Book Everything security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2025-204470
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-14449
The BA Book Everything WordPress plugin (BA Book Everything) has a Stored XSS via the babe-search-form shortcode in all versions up to 1.8.14. Exploitation requires authenticated access at Contributor level or higher; scripts can run when users view an injected page. Wordfence notes the vulnerabi...
CVE-2025-14449 BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin BA Book Everything 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-52420
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2024-29946
Malicious code in bioql PyPI...
CVE-2024-3672
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it...
CVE-2024-47360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through = 1.6.20...
CVE-2024-32125
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4...
CVE-2024-47360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through = 1.6.20...
CVE-2024-47360 WordPress BA Book Everything plugin <= 1.6.20 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20...
CVE-2024-47360
CVE-2024-47360 : WordPress BA Book Everything plugin (vulnerable:
WordPress plugin BA Book Everything 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Cross Site Scripting (XSS)
Software BA Book Everything Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3cd73e82790 Credits Dimas Maulana Required...
CVE-2024-8794
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...
CVE-2024-8794
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...