20 matches found
WP BASE Booking - Reflected XSS
WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...
EUVD-2025-2912
Malicious code in bioql PyPI...
CVE-2024-12737
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737
CVE-2024-12737 : WP BASE Booking of Appointments, Services and Events (WordPress)
CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-22684
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...
CVE-2025-22684
CVE-2025-22684 is a stored XSS in the WordPress plugin “WP BASE Booking of Appointments, Services and Events” (versions up to and including 5.0.0). The vulnerability stems from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software and...
WordPress plugin WP BASE Booking 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin WP BASE Booking versions = 5.0.0...
CVE-2024-12558
CVE-2024-12558 affects the WordPress plugin WP BASE Booking of Appointments, Services and Events . The vulnerability is a missing capability check in the export_db function across all versions up to and including 4.9.2, enabling an authenticated attacker with Subscriber+ privileges to access sens...
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12469
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12469 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12469 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12469
CVE-2024-12469 affects the WP BASE Booking of Appointments, Services and Events WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability via the status parameter, caused by insufficient input sanitization/output escaping, exploitable by unauthenticated attackers who lure a user into...