41 matches found
CVE-2026-43882
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
CVE-2023-50841
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...
EUVD-2023-55574
Malicious code in bioql PyPI...
CVE-2025-57978
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling (advanced-appointment-booking-scheduling) allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through <= 2.1...
CVE-2025-57978
CVE-2025-57978 details are not provided in the connected documents. The Initial Description notes a CSRF vulnerability in Advanced Appointment Booking & Scheduling (up to version 1.9), but there are no concrete technical specifics or remediation steps in the supplied materials.
CVE-2025-57978 WordPress Advanced Appointment Booking & Scheduling plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling (advanced-appointment-booking-scheduling) allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through <= 2.1...
WordPress plugin Advanced Appointment Booking & Scheduling cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
CVE-2024-1634
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...
CVE-2024-12274
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...
PT-2025-1798 · WordPress · Appointment Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar Plugin and Scheduling Plugin versions prior to 1.1.23 Description: The export settings functionality in the Appointment Booking Calendar Plugin and Scheduling Plugin exports data to a public folder with an easily...
CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...
CVE-2024-1634
CVE-2024-1634 concerns the Scheduling Plugin – Online Booking for WordPress. A missing capability check in the function cbsb_disconnect_settings affects all versions up to 3.5.10, enabling unauthenticated attackers to disconnect the plugin from the StartBooking service and remove connection data....
PT-2024-18182 · WordPress · The Scheduling Plugin – Online Booking
Name of the Vulnerable Software and Affected Versions: The Scheduling Plugin – Online Booking for WordPress plugin versions up to, and including, 3.5.10 Description: The issue is related to a missing capability check on the cbsb_disconnect_settings function, which allows unauthenticated attackers...
WordPress Scheduling Plugin – Online Booking for WordPress plugin <= 3.5.10 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Lucio Sá in WordPress Plugin Scheduling Plugin – Online Booking for WordPress versions <= 3.5.10...
Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection
Description: The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated...
WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Broken Access Control
Software: Scheduling Plugin – Online Booking for WordPress; Type: Plugin; Vulnerable versions: <= 3.5.10; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1634; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 166eecf10900...
PT-2024-32543 · WordPress · Shiftcontroller Employee Shift Scheduling
Name of the Vulnerable Software and Affected Versions: ShiftController Employee Shift Scheduling plugin versions up to, and including, 4.9.57 Description: The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3...
CVE-2024-23517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10...