Lucene search
K

12 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.6 views

CVE-2026-9721

CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51703

Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...

4.3CVSS5.6AI score0.00103EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/12 10:15 a.m.7 views

CVE-2024-13437

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS7.2AI score0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/12 9:22 a.m.9 views

CVE-2024-13437 Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS4.3AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/12 9:22 a.m.13 views

CVE-2024-13437 Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.2 views

WordPress plugin Book a Room 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.2AI score0.00151EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/11 10:49 p.m.4 views

WordPress Book a Room plugin <= 2.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by SOPROBRO in WordPress Plugin Book a Room versions = 2.9...

4.3CVSS6.9AI score0.00151EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2016/10/26 12:0 a.m.1 views

Cross-site scripting vulnerability in Wordpress plugin book-a-room

book-a-room is a Wordpress plugin primarily used for library specific meeting room bookings and public events calendar system management and staff events. The book-a-room plugin is vulnerable to an xss vulnerability due to improper filtering of user input, which could allow an attacker to constru...

7.5AI score
Exploits0
Rows per page
Query Builder