Lucene search
K

74 matches found

Cvelist
Cvelist
added 2025/03/27 3:27 p.m.35 views

CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...

5.4CVSS0.00132EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

WordPress plugin Easy Booked 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

5.4CVSS8.2AI score0.00132EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/11 3:24 p.m.9 views

WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin Easy Booked – Appointment Booking and Scheduling Management System for WordPress versions = 2.4.5...

5.4CVSS6.9AI score0.00132EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2024/10/29 12:0 a.m.323 views

Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection

Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...

7.4AI score
Exploits0
OSV
OSV
added 2023/12/28 10:15 p.m.6 views

CVE-2022-36399

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/28 9:49 p.m.21 views

CVE-2022-36399 WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...

5.3CVSS7.8AI score0.00531EPSS
Exploits0References1
CVE
CVE
added 2023/12/28 9:49 p.m.93 views

CVE-2022-36399

CVE-2022-36399 affects the WordPress plugin Booked - Appointment Booking for WordPress (up to version before 2.4.4). It exposes sensitive data to unauthenticated actors due to improper access control. Fixed in version 2.4.4. Upgrading to 2.4.4+ mitigates the issue; no exploit details are provided...

7.5CVSS7.9AI score0.00531EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/28 12:0 a.m.7 views

WordPress Plugin Booked Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

7.5CVSS6.2AI score0.00531EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.11 views

WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure

Software Booked Type Plugin Vulnerable versions 2.4.4 Fixed in 2.4.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-36399 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0ab671e26c14 Credits coogee86 Required privilege...

7.5CVSS6.6AI score0.00531EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/01/22 6:15 a.m.26 views

CVE-2023-24058

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...

4.3CVSS4.4AI score0.0085EPSS
Exploits1References7
Prion
Prion
added 2023/01/22 6:15 a.m.15 views

Code injection

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...

4CVSS4.5AI score0.0085EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2023/01/22 12:0 a.m.24 views

CVE-2023-24058

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...

4.8AI score0.0085EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/01/22 12:0 a.m.33 views

CVE-2023-24058

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...

6.8AI score0.0085EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/01/22 12:0 a.m.5 views

Booked Scheduler 安全漏洞

Booked Scheduler is a powerful scheduling solution program from Booked. A security vulnerability exists in Booked Scheduler version 2.5.5. An attacker exploits the vulnerability to create and schedule events for any other user by modifying the userId value...

4.3CVSS5.2AI score0.0085EPSS
Exploits1References8
CVE
CVE
added 2023/01/22 12:0 a.m.53 views

CVE-2023-24058

The CVE-2023-24058 entry concerns Booked Scheduler 2.5.5 (2014) where an authenticated user can schedule events for another user by modifying the userId in reservation_save.php. The LabArchives Scheduler (2022 feature release) is also affected per linked references. The latest Booked Scheduler ve...

4.3CVSS4.4AI score0.0085EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2022/07/26 6:15 a.m.23 views

CVE-2022-30706

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS0.00548EPSS
Exploits0References2
OSV
OSV
added 2022/07/26 6:15 a.m.4 views

CVE-2022-30706

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS5.7AI score0.00548EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/26 6:15 a.m.7 views

CVE-2022-30706

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS5.8AI score0.00548EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/07/26 6:15 a.m.21 views

Open redirect

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

5.8CVSS6.2AI score0.00548EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/26 5:10 a.m.59 views

CVE-2022-30706

The CVE-2022-30706 issue affects Booked versions prior to 3.3. Open redirect is possible when a specially crafted URL is accessed, enabling a remote unauthenticated attacker to redirect a user to an arbitrary site and potentially facilitate phishing. The root cause involves how user-supplied data...

6.1CVSS6.2AI score0.00548EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder