
15 matches found

RedhatCVE
added 2026/06/05 7:35 p.m. | 10 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 1

CVE
added 2026/05/14 6:44 a.m. | 16 views

CVE-2026-5365

CVE-2026-5365 affects the WordPress LatePoint plugin up to version 5.3.2. The issue is a Cross-Site Request Forgery caused by missing nonce verification in request_cancellation(), allowing unauthenticated attackers to cancel a logged-in customer’s bookings via a forged request (requires user inte...

CVSS 4.3 | AI score 5.8 | EPSS 0.00105
Exploits: 0 | References: 2

EUVD
added 2026/05/12 9:31 a.m. | 37 views

EUVD-2026-29399

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 5

NVD
added 2026/05/12 9:16 a.m. | 33 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

CVSS 5.3 | EPSS 0.00228
Exploits: 0 | References: 4

Cvelist
added 2026/05/12 7:48 a.m. | 36 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

CVSS 5.3 | EPSS 0.00228
Exploits: 0 | References: 4

CVE
added 2026/05/12 7:48 a.m. | 21 views

CVE-2026-5693

CVE-2026-5693: The WordPress plugin Smart Appointment & Booking (versions ≤ 1.0.8) is vulnerable to unauthorized data modification due to a missing capability check and a faulty nonce validation in saab_cancel_booking(). The nonce check uses AND (&&) instead of OR (||), allowing unauthenticated a...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 4

Patchstack
added 2026/05/11 7:3 p.m. | 8 views

WordPress Smart Appointment & Booking plugin <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Smart Appointment & Booking versions <= 1.0.8...

CVSS 5.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/11/11 11:15 a.m. | 5 views

CVE-2025-12787

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVSS 5.3 | EPSS 0.0026
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/11 11:3 a.m. | 4 views

CVE-2025-12787 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVSS 5.3 | AI score 5.7 | EPSS 0.0026
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 11:21 p.m. | 19 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking...

CVSS 4.3 | AI score 6.8 | EPSS 0.00411
Exploits: 0 | References: 1

NVD
added 2023/01/10 9:15 p.m. | 20 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking...

CVSS 4.3 | AI score 4.5 | EPSS 0.00411
Exploits: 0 | References: 2

OSV
added 2023/01/10 9:15 p.m. | 3 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking...

CVSS 4.3 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 2

Prion
added 2023/01/10 9:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking...

CVSS 4 | AI score 4.6 | EPSS 0.00411
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/01/10 12:0 a.m. | 4 views

PT-2023-14622 · Archibus · Archibus Web Central

Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service allows a basic user to cancel or delete a booking created by someone else, even if the basic user is not a member of the...

CVSS 4.3 | AI score 7 | EPSS 0.00411
Exploits: 0 | References: 5

CVE
added 2023/01/10 12:0 a.m. | 41 views

CVE-2022-45164

CVE-2022-45164 — Summary (MODE C) Affected product: Archibus Web Central version 2022.03.01.107. Vulnerability: A service exposed by the Archibus Web Central application permits a basic user, who is not a member of a booking, to cancel (delete) that booking created by someone else. Impact: Unauth...

CVSS 4.3 | AI score 4.6 | EPSS 0.00411
Exploits: 0 | References: 2 | Affected Software: 1