Lucene search
+L

86 matches found

Patchstack
Patchstack
added 4 days ago9 views

WordPress Booking Package plugin <= 1.7.20 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Booking Package versions = 1.7.20...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago6 views

CVE-2026-15335

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00481EPSS
Exploits0References10
CVE
CVE
added 6 days ago13 views

CVE-2026-15335

The Booking Package WordPress plugin is vulnerable up to version 1.7.20 due to insufficient escaping on the email parameter in the REST endpoint /wp-json/booking-package/v1/request, allowing unauthenticated SQL injection. Root cause: user-supplied email input reaches the SQL sink without proper e...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References10
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-15335 Booking Package <= 1.7.20 - Unauthenticated SQL Injection via 'email' Form Parameter

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00481EPSS
Exploits0References10
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43143

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57393

Name of the Vulnerable Software and Affected Versions Booking Package versions prior to 1.7.21 Description Insufficient escaping of user-supplied parameters and lack of preparation in SQL queries allow unauthenticated attackers to perform SQL Injection. This occurs via the email parameter in the...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36983

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS5.1AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40774

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-40774

CVE-2026-40774 concerns the WordPress Booking Package plugin (versions

7.5CVSS5.1AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49418

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS5.1AI score0.00238EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/09 9:59 a.m.13 views

WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability

Authenticated Editor+ Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions = 1.7.16...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.22 views

CVE-2026-9851

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.16 views

CVE-2026-9851

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS0.00345EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.7 views

CVE-2026-9851

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/06 4:28 a.m.9 views

CVE-2026-9851 Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References5
CVE
CVE
added 2026/06/06 4:28 a.m.41 views

CVE-2026-9851

The CVE-2026-9851 entry concerns the Booking Package plugin for WordPress (versions up to 1.7.16). The vulnerability arises from a missing capability check in the updateUser branch of the package_app_action AJAX endpoint, where the handler only validates a nonce and Schedule::updateUser() is invo...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/06 4:28 a.m.47 views

CVE-2026-9851 Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS0.00345EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 4:28 a.m.12 views

EUVD-2026-34961

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References5
Rows per page
Query Builder