17 matches found
EUVD-2024-51755
Malicious code in bioql PyPI...
CVE-2024-13821
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...
CVE-2024-13821
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...
CVE-2024-13821
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...
CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...
CVE-2024-13821
CVE-2024-13821 concerns the WordPress plugin WP Booking Calendar (<= 10.10). The defect allows unauthenticated actors to manipulate their confirmed bookings after approval because re-verification after a booking change is not enforced. The CVSS 3.1 base score is 5.3 (Network, Low complexity, N...
CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...
WordPress plugin WP Booking Calendar authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization...
PT-2025-6452 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.10 Description: The issue allows unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved, due to the plugin not properly...
WordPress WP Booking Calendar plugin <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation vulnerability
Unauthenticated Post-Confirmation Booking Manipulation vulnerability discovered by Asaf Mozes in WordPress Plugin Booking Calendar versions <= 10.10...
WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Booking Price Manipulation vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin EventPrime versions <= 3.3.4...
PT-2023-28384 · WordPress · Eventprime
Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.3.0 Description: The issue allows an attacker to purchase bookings without making a payment by manipulating the price specified in the client request. Recommendations: For versions prior to 3.3....
CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...
CVE-2023-1129 WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...
WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The plugin does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP Pro...
WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The plugin does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. PoC 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP...
Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure
The plugin does not have proper authorisation when managing appointments, allowing any customer to update others' bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Create a booking with user01 2. Create...