20 matches found

CNNVD | added 2025/09/09 12:00 a.m. | 4 views

WordPress plugin WP Simple Booking Calendar security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 | AI score 8.1 | EPSS 0.00064
Exploits 0 | References 1

RedhatCVE | added 2025/05/23 2:18 a.m. | 3 views

CVE-2023-51525

Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4...

CVSS 5.3 | AI score 8.6 | EPSS 0.00049
Exploits 0 | References 1

RedhatCVE | added 2025/05/22 6:24 p.m. | 3 views

CVE-2021-24726

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...

CVSS 8.8 | AI score 7.3 | EPSS 0.00912
Exploits 2 | References 1

CVE | added 2024/09/13 6:47 a.m. | 53 views

CVE-2024-8663

CVE-2024-8663: WP Simple Booking Calendar (WordPress)

CVSS 6.1 | AI score 6.3 | EPSS 0.03527
Exploits 0 | References 4 | Affected Software 1

CNNVD | added 2024/09/13 12:00 a.m. | 2 views

WordPress plugin WP Simple Booking Calendar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

CVSS 6.1 | AI score 5.8 | EPSS 0.03527
Exploits 0 | References 5

Patchstack | added 2024/09/13 12:00 a.m. | 11 views

WordPress WP Simple Booking Calendar Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)

Software: WP Simple Booking Calendar; Type: Plugin; Vulnerable versions: <= 2.0.10; Fixed in: 2.0.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8663; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 00e7be38a235; Credits: vgo0...

CVSS 6.1 | AI score 5.7 | EPSS 0.03527
Exploits 0 | References 3 | Affected Software 1

NVD | added 2024/03/15 2:15 p.m. | 6 views

CVE-2023-51525

Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4...

CVSS 5.3 | AI score 6.7 | EPSS 0.00049
Exploits 0 | References 1

Cvelist | added 2024/03/15 2:06 p.m. | 15 views

CVE-2023-51525 WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4...

CVSS 4.3 | AI score 6.9 | EPSS 0.00049
Exploits 0 | References 1

CVE | added 2024/03/15 2:06 p.m. | 58 views

CVE-2023-51525

CVE-2023-51525 concerns the WordPress plugin WP Simple Booking Calendar (Veribo/Roland Murg). A CSRF vulnerability affects versions up to 2.0.8.4 (likely fixed in later releases). Root cause: improper CSRF protection enabling unauthorized actions on behalf of an authenticated user. Impact: potent...

CVSS 5.3 | AI score 8.5 | EPSS 0.00049
Exploits 0 | References 1 | Affected Software 1

CNNVD | added 2024/03/15 12:00 a.m. | 3 views

WordPress plugin WP Simple Booking Calendar Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 5.3 | AI score 6.7 | EPSS 0.00049
Exploits 0 | References 2

Patchstack | added 2023/12/27 12:00 a.m. | 7 views

WordPress WP Simple Booking Calendar Plugin <= 2.0.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Simple Booking Calendar; Type: Plugin; Vulnerable versions: <= 2.0.8.4; Fixed in: 2.0.8.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51525; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 7e20b6088220; Credits...

AI score 6.6 | EPSS 0.00049
Exploits 0 | References 2 | Affected Software 1

NVD | added 2021/09/13 6:15 p.m. | 7 views

CVE-2021-24726

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...

CVSS 8.8 | EPSS 0.00912
Exploits 2 | References 2

OSV | added 2021/09/13 6:15 p.m. | 1 view

CVE-2021-24726

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...

CVSS 8.8 | AI score 7.3
Exploits 0 | References 2

CVE | added 2021/09/13 5:56 p.m. | 45 views

CVE-2021-24726

The CVE relates to the WordPress plugin WP Simple Booking Calendar (versions before 2.0.6). Affected component: the Search Calendars action; root cause is failure to escape/validate/sanitize the orderby parameter, which is used in a SQL statement. This results in an authenticated SQL injection vu...

CVSS 8.8 | AI score 8.9 | EPSS 0.00912
Exploits 2 | References 2 | Affected Software 1

Patchstack | added 2021/09/10 12:00 a.m. | 12 views

WordPress WP Simple Booking Calendar plugin <= 2.0.6 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Martin Vierula (Trustwave) in WordPress WP Simple Booking Calendar plugin versions <= 2.0.6. Solution: Update the WordPress WP Simple Booking Calendar plugin to the latest available version (at least 2.0.7)...

CVSS 8.8 | AI score 2.7 | EPSS 0.00912
Exploits 2 | References 3 | Affected Software 1

wpexploit | added 2021/08/06 12:00 a.m. | 156 views

WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection

The plugin did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue. Note (WPScanTeam): The issue was fixed without bumping the version, so there are two 2.0.6 versions out there, on...

CVSS 8.8 | AI score 2.8 | EPSS 0.00912
Exploits 2 | References 1

Patchstack | added 2017/11/07 12:00 a.m. | 8 views

WordPress WP Simple Booking Calendar Premium plugin <= 6.0-6.1 - Unauthenticated Data leak

If you know the URL that the plugin uses to export its iCal feed, you can see the availability and booking notes via that feed. Solution: Update the plugin to 6.2...

AI score 2.5
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2017/11/07 12:00 a.m. | 19 views

WordPress WP Simple Booking Calendar Premium plugin 5.0–5.4 <= Unauthenticated Data leak

The booking notes are shown in the source code of the page. Solution: Update the plugin to version 5.5...

AI score 4.1
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2017/11/07 12:00 a.m. | 16 views

WordPress WP Simple Booking Calendar Premium <= 5.8–5.16 - Unauthenticated Data leak

When the tooltip function is disabled, the booking notes are still posted to the source code. Solution: Update the plugin to 5.17...

AI score 1.5
Exploits 0 | References 1 | Affected Software 1

Packet Storm | added 2015/12/17 12:00 a.m. | 28 views

WordPress Simple Booking Calendar 1.3 Cross Site Request Forgery

Plugin Name: WP Simple Booking Calendar (A8 - Cross-Site Request Forgery (CSRF)); Affected Version: 1.3 and most probably lower versions, if any; Vulnerability: A8 - Cross-Site Request Forgery (CSRF); Identified by: Madhu Akula; Technical Details: Minimum Level of Access Required: Unauthenticated; PoC - Proof ...

AI score 7.4
Exploits 0