WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP BASE Booking versions = 5.9.0...

WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions 5.0.0...

EUVD-2025-2912

Malicious code in bioql PyPI...

CVE-2024-12737

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12737

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12737

CVE-2024-12737 : WP BASE Booking of Appointments, Services and Events (WordPress)

CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2025-8671 · WordPress · Wp Base Booking Of Appointments

Name of the Vulnerable Software and Affected Versions: WP BASE Booking of Appointments, Services and Events WordPress plugin versions prior to 5.0.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped...

CVE-2025-22684

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

CVE-2025-22684

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

CVE-2025-22684

CVE-2025-22684 is a stored XSS in the WordPress plugin “WP BASE Booking of Appointments, Services and Events” (versions up to and including 5.0.0). The vulnerability stems from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software and...

PT-2025-4622 · Hakan Ozevin · Wp Base Booking

Name of the Vulnerable Software and Affected Versions: Hakan Ozevin WP BASE Booking versions prior to 5.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject...

WordPress plugin WP BASE Booking 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin WP BASE Booking versions = 5.0.0...

WordPress WP BASE Booking of Appointments, Services and Events Plugin <= 4.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP BASE Booking versions = 4.9.2...

CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...