EUVD-2025-198532

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

CVE-2025-13318

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

CVE-2025-13318

The CVE concerns the WordPress plugin Booking Calendar Contact Form (versions up to and including 1.2.60). It describes a Missing Authorization vulnerability caused by insufficient authorization checks and payment verification in the dex_bccf_check_IPN_verification function, enabling unauthentica...

CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

WordPress Appointment Booking Calendar plugin <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter vulnerability

Missing Authorization to Arbitrary Booking Confirmation via 'cpabcipncheck' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Appointment Booking Calendar versions = 1.3.96...

EUVD-2024-51240

Malicious code in bioql PyPI...

CVE-2021-24317

The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues...

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

Threat Outbreak Alert RuleID27056: Email Messages Distributing Malicious Software on December 29, 2016

Medium Alert ID: 52235 First Published: 2017 January 3 14:11 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27056 may contain the following files: Name |...

TripAdvisor travel website infected with Gamarue malware, infect 2% Indian Internet Users

TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor's users received spam mail with booking confirmations for hotels they had checked out on the website, 1.89% of Indian Internet Users...

Booking System for Planyo Multiple VUlnerabilty

Exploit for php platform in category web applications =============================================== Booking System for Planyo Multiple VUlnerabilty =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 ...