16 matches found
CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions...
CVE-2026-40774
CVE-2026-40774 concerns the WordPress Booking Package plugin (versions
CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions...
WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability
Authenticated (Editor+) Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions <= 1.7.16...
CVE-2026-9851
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...
CVE-2026-9851
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...
EUVD-2026-34961
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...
PT-2026-47145
Name of the Vulnerable Software and Affected Versions: Booking Package versions prior to 1.7.17. Description: An issue allows authenticated attackers with Editor-level access and above to perform privilege escalation via account takeover. This occurs due to a missing capability check on the...
EUVD-2026-26006
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06. This is due to the intentForStripe function passing user-controlled $_POST['amount'] directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2022-0709
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the iCal representation of its booking calendar, but this token is returned in the JSON response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...
EUVD-2023-43616
Malicious code in bioql PyPI...
CVE-2024-13508
The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13508 Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter
The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13508
CVE-2024-13508 affects Booking Package for WordPress. It enables a Reflected Cross-Site Scripting (XSS) via the locale parameter in all versions up to and including 1.6.72 due to insufficient input sanitization/output escaping. The vulnerability is unauthenticated and can be triggered when a user...
CVE-2023-39918
CVE-2023-39918 affects the SAASPROJECT Booking Package WordPress plugin (versions
WordPress Booking Package plugin <= 1.5.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Gen Sato (Mitsui Bussan Secure Directions, Inc) in WordPress Booking Package plugin versions <= 1.5.10. Solution: Update the WordPress Booking Package plugin to the latest available version (at least 1.5.11)...