Lucene search
+L

5 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.7 views

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:26 p.m.2 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.25 views

CVE-2025-67597 WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

4.3CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 2:15 p.m.4 views

CVE-2025-13756

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

4.3CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder