WordPress Pinpoint Booking System plugin <= 2.9.9.5.0- Authenticated (Subscriber+) SQL Injection vulnerability

WordPress Pinpoint Booking System plugin = 2.9.9.5.0- Authenticated Subscriber+ SQL Injection vulnerability discovered by Piotr Kuśpit in WordPress Plugin Pinpoint Booking System versions = 2.9.9.5.0...

WordPress Pinpoint Booking System Plugin <= 2.9.9.5.0 is vulnerable to SQL Injection

Software Pinpoint Booking System Type Plugin Vulnerable versions = 2.9.9.5.0 Fixed in 2.9.9.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7112 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3f6ddfc5c651 Credits Piotr Kuśpit Required privilege...

CVE-2024-7112

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2024-7112

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2024-7112 Pinpoint Booking System <= 2.9.9.5.0- Authenticated (Subscriber+) SQL Injection

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2024-7112 Pinpoint Booking System <= 2.9.9.5.0- Authenticated (Subscriber+) SQL Injection

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2024-7112

The CVE-2024-7112 entry describes a SQL Injection in Pinpoint Booking System (WordPress plugin) via the schedule parameter, affecting versions up to and including 2.9.9.5.0. The vulnerability is exploitable by authenticated users with Subscriber+ privileges, enabling additional SQL queries to acc...

WordPress plugin Pinpoint Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-38083 · WordPress · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: The Pinpoint Booking System – 1 WordPress Booking Plugin versions up to, and including, 2.9.9.5.0 Description: The issue is related to SQL Injection via the schedule parameter due to insufficient escaping on the user-supplied parameter and la...

WordPress Pinpoint Booking System plugin < 2.9.9.4.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by cyc707 in WordPress Plugin Pinpoint Booking System versions 2.9.9.4.8...

CVE-2024-3636

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3636

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3636

The CVE-2024-3636 entry concerns the Pinpoint Booking System WordPress plugin. Affected versions are prior to 2.9.9.4.8. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain plugin settings, which could allow high-privilege users (e...

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-26960 · WordPress · Pinpoint Booking System

Name of the Vulnerable Software and Affected Versions: The Pinpoint Booking System WordPress plugin versions prior to 2.9.9.4.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capabili...

WordPress Pinpoint Booking System Plugin < 2.9.9.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Pinpoint Booking System Type Plugin Vulnerable versions 2.9.9.4.8 Fixed in 2.9.9.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b3affda44337 Credits cyc707...

WordPress plugin Pinpoint Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...

CVE-2023-38520 WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4...

CVE-2023-38520 WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4...