Lucene search
K

36 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.6 views

EUVD-2026-40264

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.15 views

CVE-2026-9576

CVE-2026-9576 affects the Fluent Booking WordPress plugin (versions before 2.1.2). The vulnerability arises from not verifying ownership of the requested group_id before exporting attendees data via the export endpoint, allowing users with at least the Calendar Manager role to access attendees’ P...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57638

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.33 views

CVE-2026-57638 WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39754

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.14 views

CVE-2026-57638

CVE-2026-57638 concerns a Cross Site Scripting (XSS) vulnerability in the WordPress plugin Fluent Booking affecting versions

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.5 views

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/30 1:38 p.m.7 views

WordPress Fluent Booking plugin <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Fluent Booking versions = 2.0.01...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 3:30 p.m.8 views

EUVD-2026-16172

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
NVD
NVD
added 2026/03/26 2:16 p.m.3 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS0.00302EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:26 p.m.2 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/26 1:26 p.m.3 views

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/26 1:26 p.m.27 views

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS0.00302EPSS
Exploits0References7
CVE
CVE
added 2026/03/26 1:26 p.m.10 views

CVE-2026-2231

The CVE-2026-2231 entry concerns the Fluent Booking plugin for WordPress. Affected component: the plugin’s stored XSS via multiple parameters in all versions up to 2.0.01, caused by insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject arbitrary web scr...

7.2CVSS6AI score0.00302EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

WordPress plugin Fluent Booking 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.7AI score0.00302EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28322

Name of the Vulnerable Software and Affected Versions Fluent Booking versions up to and including 2.0.01 Description The Fluent Booking plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters. Insufficient input sanitization and output escaping allow...

7.2CVSS6AI score0.00302EPSS
Exploits0References10
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin = 1.9.11 - Authenticated Subscriber+ Missing Authorization to Calendar Import and Management vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPre...

4.3CVSS5.5AI score0.00164EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.4 views

CVE-2025-67597

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

4.3CVSS7AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder