WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by AmonRa in WordPress Plugin LatePoint versions = 5.5.0...

PT-2026-37351

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...

CVE-2026-2324

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Cross-Site Request Forgery vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin LatePoint versions = 5.2.5...

WordPress FAT Event - WordPress Event and Calendar Booking plugin <= 5.15 - Local File Inclusion vulnerability

WordPress FAT Event - WordPress Event and Calendar Booking plugin = 5.15 - Local File Inclusion vulnerability discovered by Jingle Bells in WordPress Plugin FAT Event - WordPress Event and Calendar Booking versions = 5.15...

CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...

CVE-2024-0856

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site...

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Date: 29/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...