228 matches found
CVE-2020-24313
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...
CVE-2025-23911
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solidres Solidres – Hotel booking plugin solidres allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through = 0.9.4...
CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...
CVE-2025-14352 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...
PT-2026-1398
Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments Booking Plugin versions prior to 1.6.9.6 Description The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin for WordPress is susceptible to sensitive information exposure due to the use of a...
WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions 5.0.0...
CVE-2025-11496
The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...
Exploit for CVE-2025-68055
CVE-2025-68055 Authenticated SQL injection in Hydra Booking...
WordPress plugin Hydra Booking SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
CVE-2025-63012
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-63013
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through = 2.2.7...
CVE-2025-63011
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-63011 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
EUVD-2025-201997
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.7...
CVE-2025-63013
CVE-2025-63013 affects the WordPress WP Hotel Booking plugin (wp-hotel-booking) versions up to and including 2.2.7. The documented issue is exposure of sensitive system information and the ability to retrieve embedded sensitive data, indicating a data-access exposure vulnerability. The root cause...
CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-67597 WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...
WordPress plugin WP Hotel Booking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-50031
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.7...