35 matches found
WP BASE Booking - Reflected XSS
WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...
EUVD-2026-36968
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
CVE-2026-39587
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
CVE-2026-39587
CVE-2026-39587 affects WordPress WP BASE Booking plugin versions
CVE-2026-39587 WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
PT-2026-49403
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP BASE Booking versions = 5.9.0...
WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions 5.0.0...
EUVD-2025-2912
Malicious code in bioql PyPI...
CVE-2024-12737
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737
CVE-2024-12737 : WP BASE Booking of Appointments, Services and Events (WordPress)
PT-2025-8671
Name of the Vulnerable Software and Affected Versions WP BASE Booking of Appointments, Services and Events WordPress plugin versions prior to 5.0.0 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped...
CVE-2025-22684
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684
CVE-2025-22684 is a stored XSS in the WordPress plugin “WP BASE Booking of Appointments, Services and Events” (versions up to and including 5.0.0). The vulnerability stems from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software and...