12 matches found
CVE-2026-9721
The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...
CVE-2026-9721
CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...
EUVD-2026-38658
The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...
CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update
The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...
PT-2026-51703
Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...
WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...
CVE-2024-13437
The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...
CVE-2024-13437 Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update
The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...
CVE-2024-13437 Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update
The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...
WordPress plugin Book a Room 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Book a Room plugin <= 2.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by SOPROBRO in WordPress Plugin Book a Room versions = 2.9...
Cross-site scripting vulnerability in Wordpress plugin book-a-room
book-a-room is a Wordpress plugin primarily used for library specific meeting room bookings and public events calendar system management and staff events. The book-a-room plugin is vulnerable to an xss vulnerability due to improper filtering of user input, which could allow an attacker to constru...