74 matches found
CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...
WordPress plugin Easy Booked 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin Easy Booked – Appointment Booking and Scheduling Management System for WordPress versions = 2.4.5...
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...
CVE-2022-36399
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...
CVE-2022-36399 WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...
CVE-2022-36399
CVE-2022-36399 affects the WordPress plugin Booked - Appointment Booking for WordPress (up to version before 2.4.4). It exposes sensitive data to unauthenticated actors due to improper access control. Fixed in version 2.4.4. Upgrading to 2.4.4+ mitigates the issue; no exploit details are provided...
WordPress Plugin Booked Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure
Software Booked Type Plugin Vulnerable versions 2.4.4 Fixed in 2.4.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-36399 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0ab671e26c14 Credits coogee86 Required privilege...
CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
Code injection
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
Booked Scheduler 安全漏洞
Booked Scheduler is a powerful scheduling solution program from Booked. A security vulnerability exists in Booked Scheduler version 2.5.5. An attacker exploits the vulnerability to create and schedule events for any other user by modifying the userId value...
CVE-2023-24058
The CVE-2023-24058 entry concerns Booked Scheduler 2.5.5 (2014) where an authenticated user can schedule events for another user by modifying the userId in reservation_save.php. The LabArchives Scheduler (2022 feature release) is also affected per linked references. The latest Booked Scheduler ve...
CVE-2022-30706
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
CVE-2022-30706
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
CVE-2022-30706
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
Open redirect
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
CVE-2022-30706
The CVE-2022-30706 issue affects Booked versions prior to 3.3. Open redirect is possible when a specially crafted URL is accessed, enabling a remote unauthenticated attacker to redirect a user to an arbitrary site and potentially facilitate phishing. The root cause involves how user-supplied data...