CVE-2024-54252 WordPress Pinpoint Booking System Plugin <= 2.9.9.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6...

CVE-2024-54252

CVE-2024-54252 is a Missing Authorization (Broken Access Control) vulnerability affecting Pinpoint Booking System WordPress plugin versions up to 2.9.9.5.6 (and related 2.9.9.5.x lines). Public docs describe an access-control misconfiguration that could allow unauthorized access or actions within...

PT-2024-36132 · Unknown · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: Pinpoint Booking System versions through 2.9.9.5.2 Description: The issue is related to a Missing Authorization vulnerability in the Pinpoint Booking System, allowing exploitation of incorrectly configured access control security levels...

WordPress plugin Pinpoint Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-53815

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.1...

CVE-2024-53815 WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.1...

CVE-2024-53815 WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.1...

CVE-2024-53815

CVE-2024-53815 concerns the Pinpoint Booking System WordPress plugin (versions up to 2.9.9.5.1) and is described as an SQL Injection vulnerability resulting from improper neutralization of input elements. The CVE entry lists a CVSS v3.1 base score of 8.5 (High) with network access, requiring low ...

WordPress plugin Pinpoint Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-35930 · Unknown · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: Pinpoint Booking System versions through 2.9.9.5.1 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which arises from the improper neutralization of special elements used in an SQL...

WordPress Pinpoint Booking System Plugin <= 2.9.9.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Pinpoint Booking System versions = 2.9.9.5.7...

WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Pinpoint Booking System versions = 2.9.9.5.1...

CVE-2024-49304

Cross-Site Request Forgery CSRF vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.7...

CVE-2024-49304 WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.7...

CVE-2024-49304 WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.5.7...

CVE-2024-49304

CVE-2024-49304 affects the Pinpoint Booking System WordPress plugin (versions up to 2.9.9.5.1). The vulnerability is a CSRF that enables Stored XSS. Patch/mitigation: Upgrade to Pinpoint Booking System 2.9.9.5.7 or later (per Patchstack: CSRF to Stored XSS vulnerability fixed in newer release). C...

PT-2024-33443 · Unknown · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: Pinpoint Booking System versions through 2.9.9.5.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that also allows Stored XSS in the Pinpoint Booking System. Recommendations: For versions through 2.9.9.5.1, at the...

WordPress plugin Pinpoint Booking System 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Pinpoint Booking System versions = 2.9.9.5.7...

WordPress Pinpoint Booking System Plugin <= 2.9.9.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pinpoint Booking System Type Plugin Vulnerable versions = 2.9.9.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-49304 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b643a828e56e Credits Muhammad Daffa Requir...