56 matches found

RedhatCVE
added 2026/01/09 10:45 a.m. · 10 views

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...

9.8 CVSS · 7.3 AI score · 0.69587 EPSS
Exploits 11 · References 1

RedhatCVE
added 2026/01/09 8:59 a.m. · 6 views

CVE-2023-50841

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...

8.8 CVSS · 8.8 AI score · 0.00308 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-51693

Malicious code in bioql PyPI...

5.3 CVSS · 5.6 AI score · 0.00326 EPSS
Exploits 2 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-48288

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.00597 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-47716

Malicious code in bioql PyPI...

8.8 CVSS · 6.4 AI score · 0.00308 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-58466

Malicious code in bioql PyPI...

7.2 CVSS · 7.6 AI score · 0.02096 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 8:18 a.m. · 3 views

CVE-2024-10540

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...

6.5 CVSS · 7.2 AI score · 0.0032 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:3 a.m. · 10 views

CVE-2023-36507

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.6...

5.3 CVSS · 6.7 AI score · 0.00366 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 2:6 a.m. · 4 views

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

7.2 CVSS · 7.7 AI score · 0.02096 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:55 p.m. · 6 views

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

5.3 CVSS · 6.5 AI score · 0.00326 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/02/05 12:0 p.m. · 5 views

CVE-2024-7350

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...

9.8 CVSS · 7 AI score · 0.00597 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:17 a.m. · 5 views

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2 CVSS · 7.3 AI score · 0.07898 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 2:57 a.m. · 10 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8 CVSS · 7 AI score · 0.00308 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/24 5:25 p.m. · 15 views

CVE-2025-24732 WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS. This issue affects BookingPress: from n/a through <= 1.1.25...

6.5 CVSS · 0.00107 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5546 · Unknown · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.25 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts into...

6.5 CVSS · 7.2 AI score · 0.00107 EPSS
Exploits 0 · References 6

CVE
added 2025/01/13 6:0 a.m. · 24 views

CVE-2024-12274

The CVE-2024-12274 entry concerns BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress, affecting versions before 1.1.23. Technical details across connected sources confirm an unauthenticated risk: the Export Settings feature writes data to a publicly accessible ...

7.5 CVSS · 6.5 AI score · 0.0069 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/01/13 6:0 a.m. · 17 views

CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...

0.0069 EPSS
Exploits 1 · References 1

NVD
added 2024/12/24 11:15 a.m. · 6 views

CVE-2024-11726

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...

6.5 CVSS · 0.00254 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/12/24 11:9 a.m. · 9 views

CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...

6.5 CVSS · 6.5 AI score · 0.00254 EPSS
Exploits 0 · References 2

CVE
added 2024/12/24 11:9 a.m. · 44 views

CVE-2024-11726

CVE-2024-11726 affects the BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress. The flaw is an SQL Injection in the shortcodes context: the category parameter of the bookingpress_form shortcode is inadequately escaped, allowing an authenticated user with Contrib...

6.5 CVSS · 7.5 AI score · 0.00254 EPSS
Exploits 0 · References 2