WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP BASE Booking versions = 5.9.0...

PT-2025-4622 · Hakan Ozevin · Wp Base Booking

Name of the Vulnerable Software and Affected Versions: Hakan Ozevin WP BASE Booking versions prior to 5.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject...

WordPress WP BASE Booking plugin <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via appexportdb vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP BASE Booking versions = 4.9.2...

WordPress WP BASE Booking plugin <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter vulnerability

Reflected Cross-Site Scripting via status Parameter vulnerability discovered by vgo0 in WordPress Plugin WP BASE Booking versions = 4.9.1...