Lucene search
K

228 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.7 views

CVE-2020-24313

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...

6.1CVSS6.2AI score0.01151EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.11 views

CVE-2025-23911

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solidres Solidres – Hotel booking plugin solidres allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through = 0.9.4...

8.5CVSS7.3AI score0.00491EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 6:34 a.m.4 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

5.3CVSS5.2AI score0.0028EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 9:20 a.m.3 views

CVE-2025-14352 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.9 views

PT-2026-1398

Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments Booking Plugin versions prior to 1.6.9.6 Description The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin for WordPress is susceptible to sensitive information exposure due to the use of a...

6.5CVSS6.2AI score0.00182EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions 5.0.0...

6.1CVSS5.4AI score0.00578EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/12/21 3:15 a.m.6 views

CVE-2025-11496

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00172EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/12/19 10:1 a.m.230 views

Exploit for CVE-2025-68055

CVE-2025-68055 Authenticated SQL injection in Hydra Booking...

8.5CVSS8.1AI score0.00286EPSS
Exploits1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.8 views

WordPress plugin Hydra Booking SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

8.5CVSS7.5AI score0.00286EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.3 views

CVE-2025-63012

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS5.9AI score0.00111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.4 views

CVE-2025-63013

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through = 2.2.7...

4.3CVSS6.9AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-63011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

5.9CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.23 views

CVE-2025-63011 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

5.9CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.24 views

CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 2:52 p.m.3 views

EUVD-2025-201997

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.7...

4.3CVSS6.3AI score0.00111EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:52 p.m.7 views

CVE-2025-63013

CVE-2025-63013 affects the WordPress WP Hotel Booking plugin (wp-hotel-booking) versions up to and including 2.2.7. The documented issue is exposure of sensitive system information and the ability to retrieve embedded sensitive data, indicating a data-access exposure vulnerability. The root cause...

4.3CVSS6.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.1 views

CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS5.1AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.23 views

CVE-2025-67597 WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

4.3CVSS0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.4AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.7...

6.4AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder