9 matches found
CVE-2026-0658 Five Star Restaurant Reservations < 2.7.9 - Arbitrary Bookings Deletion via CSRF
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting bookings via CSRF attacks...
CVE-2026-0658 Five Star Restaurant Reservations < 2.7.9 - Arbitrary Bookings Deletion via CSRF
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting bookings via CSRF attacks...
CVE-2025-10124 Booking Manager < 2.1.15 - Contributor+ Booking Deletion
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted...
EUVD-2022-48072
Malicious code in bioql PyPI...
WordPress CB (legacy) plugin <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF vulnerability
Code/Timeframe/Booking Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin CB legacy versions = 0.9.4.18...
CVE-2024-4382 CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...
CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks Codes:...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...
PT-2021-15855 · WordPress · Listeo
Name of the Vulnerable Software and Affected Versions: Listeo WordPress theme versions prior to 1.6.11 Description: The issue allows any authenticated users to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belo...