Lucene search
K

231 matches found

Patchstack
Patchstack
added 2026/04/08 12:46 p.m.4 views

WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP BASE Booking versions = 5.9.0...

5.8AI score0.00283EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin WP Travel Engine – Tour Booking Plugin – Tour Operator Software 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.12 views

WordPress plugin Appointment Booking and Scheduler Plugin – Truebooker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.8 views

CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:26 p.m.2 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/26 3:37 a.m.3 views

CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.19 views

PT-2026-28198

Name of the Vulnerable Software and Affected Versions Amelia Booking plugin for WordPress versions up to 9.1.2 Description The Amelia Booking plugin for WordPress is susceptible to Insecure Direct Object References. The plugin allows user-controlled access to objects, potentially enabling a user ...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/03/20 9:53 a.m.8 views

WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.0...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:15 a.m.3 views

CVE-2026-3658

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/11 9:31 a.m.6 views

EUVD-2026-11117

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:36 a.m.5 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References11
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10467

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.2 views

CVE-2026-27428 WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

5.8AI score0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.7 views

CVE-2026-0742

The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saabsaveformdata AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.6AI score0.00264EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.11 views

PT-2026-6020

Name of the Vulnerable Software and Affected Versions Smart Appointment & Booking plugin for WordPress versions up to and including 1.0.7 Description The Smart Appointment & Booking plugin for WordPress is susceptible to Stored Cross-Site Scripting through the saab save form data AJAX action. Thi...

6.4CVSS5.4AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.11 views

PT-2026-5060

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS5.9AI score0.00262EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.22 views

CVE-2026-24371 WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...

4.3CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.16 views

CVE-2025-68027

CVE-2025-68027 : The Hydra Booking (Themefic Hydra Booking) WordPress plugin suffers an unauthenticated privilege escalation due to an incorrect privilege assignment in versions up to 1.1.32. The vulnerability enables elevation of privileges within Hydra Booking (hydra-booking) as described in pu...

7.3CVSS5.4AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.13 views

CVE-2025-67963

CVE-2025-67963 refers to the WordPress plugin Movie Booking (ovatheme Movie Booking) , affected up to version 1.1.5 . The incident is described as an unauthenticated, high-severity path traversal/arbitrary file deletion vulnerability that could enable deletion of arbitrary files on affected sites...

8.6CVSS5.4AI score0.00552EPSS
Exploits0References1
Rows per page
Query Builder