17 matches found
WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability
WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPre...
CVE-2025-13756
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
CVE-2025-13756
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
CVE-2025-13756 Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
EUVD-2025-200975
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
CVE-2025-13756 Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
CVE-2025-13756
CVE-2025-13756 affects Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution for WordPress up to version 1.9.11. The issue is an unauthorized calendar import/management capability due to a missing capability check in importCalendar, enabling authenticated...
WordPress plugin Fluent Booking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-23460
Malicious code in bioql PyPI...
CVE-2025-52133
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...
CVE-2025-52133
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...
CVE-2025-52133
CVE-2025-52133 affects the Mocca Calendar application for XWiki (versions before 2.15). The issue is a cross-site scripting (XSS) vulnerability triggered by a crafted title during calendar import, caused by an XSS in the calendar import header. CVSSv3.1 base score is 6.4 (Medium) with Network att...
XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability
XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the calendar import header...
CVE-2025-52133
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...
CVE-2025-52133
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...
Server-Side Request Forgery (SSRF)
plone.app.event is vulnerable to server-side request forgery (SSRF). An attacker with Manager access is able to submit requests on behalf of the server via the calendar import settings using file://...
Mail.ru: Blind SSRF on calendar.mail.ru during calendar import
Blind SSRF in calendar.mail.ru via calendar import functionality...