9 matches found
CVE-2025-13385
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-13385
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-13385 Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2025-199564
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-13385 Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-13385
CVE-2025-13385 affects the WordPress plugin Bookme – Free Online Appointment Booking and Scheduling System (versions up to 4.2). The vulnerability is a time-based SQL Injection arising from insufficient escaping of the filter[status] parameter in the affected SQL query, enabling an authenticated ...
PT-2025-48009
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin Bookme – Free Online Appointment Booking and Scheduling SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... WordPress plugin...
WordPress Bookme plugin <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability
Authenticated Admin+ SQL Injection via 'filterstatus' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Bookme – Free Online Appointment Booking and Scheduling Plugin versions = 4.2...