Lucene search
K

4 matches found

CVE
CVE
added 11 hours ago8 views

CVE-2026-3576

CVE-2026-3576 affects the Planyo Online Reservation System plugin for WordPress (versions up to 3.0). The flaw is an unauthenticated Server-Side Request Forgery via the ulap_url AJAX proxy (ulap.php). The allowlist checks a host (e.g., localhost) but does not validate the URL scheme, allowing a c...

7.2CVSS6.2AI score
Exploits0References12
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-43137

The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...

7.2CVSS6.2AI score
Exploits0References12
Patchstack
Patchstack
added 2025/04/01 3:57 p.m.4 views

WordPress Planyo online reservation system plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Planyo online reservation system versions = 3.0...

6.5CVSS6.9AI score0.00331EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.5 views

WordPress plugin Planyo online reservation system 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.5CVSS6.5AI score0.00331EPSS
Exploits0References2
Rows per page
Query Builder