CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

EUVD-2026-5082

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVE-2025-11723 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

CVE-2025-11723

CVE-2025-11723 : Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is affected up to version 1.6.9.5. The vulnerability arises from a hardcoded fallback salt used in the hash() function, enabling unauthenticated attackers to generate a valid token across sit...

CVE-2025-14065 Simple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure

The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbirecaricaprenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Subscriber-level access...

EUVD-2025-203076

The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbirecaricaprenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2025-14065

CVE-2025-14065 affects the WordPress plugin “Simple Bike Rental” (publicly listed as Simple Bike Rental). The issue is a missing capability check on the AJAX action simpBire_carica_prenotazioni, allowing authenticated users with Subscriber+ privileges to retrieve all booking records containing cu...

CVE-2025-14065 Simple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure

The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbirecaricaprenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Subscriber-level access...

PT-2024-17662 · WordPress · The Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.4.8 Description: The issue allows unauthenticated attackers to extract sensitive data from bookings, including full names, email addresses, check-in/out...

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...

CVE-2022-0825

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...