Lucene search
K

20 matches found

Nuclei
Nuclei
added 11 hours ago10 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7.2AI score0.00578EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-2912

Malicious code in bioql PyPI...

7.1CVSS9.1AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2025/02/26 1:15 p.m.6 views

CVE-2024-12737

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00578EPSS
Exploits1References1
CVE
CVE
added 2025/02/26 6:0 a.m.63 views

CVE-2024-12737

CVE-2024-12737 : WP BASE Booking of Appointments, Services and Events (WordPress)

6.1CVSS6.1AI score0.00578EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/26 6:0 a.m.6 views

CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00578EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/26 6:0 a.m.11 views

CVE-2024-12737 WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected XSS

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00578EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/07 9:48 a.m.6 views

CVE-2025-22684

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

7.1CVSS7.2AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2025/02/03 3:15 p.m.4 views

CVE-2025-22684

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

7.1CVSS0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/03 2:23 p.m.18 views

CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

7.1CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 2:23 p.m.6 views

CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through = 5.0.0...

7.1CVSS8.6AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2025/02/03 2:23 p.m.52 views

CVE-2025-22684

CVE-2025-22684 is a stored XSS in the WordPress plugin “WP BASE Booking of Appointments, Services and Events” (versions up to and including 5.0.0). The vulnerability stems from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software and...

7.1CVSS7.2AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

WordPress plugin WP BASE Booking 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.2AI score0.00309EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/31 3:57 p.m.5 views

WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin WP BASE Booking versions = 5.0.0...

7.1CVSS6.1AI score0.00309EPSS
Exploits0Affected Software1
CVE
CVE
added 2024/12/21 9:23 a.m.53 views

CVE-2024-12558

CVE-2024-12558 affects the WordPress plugin WP BASE Booking of Appointments, Services and Events . The vulnerability is a missing capability check in the export_db function across all versions up to and including 4.9.2, enabling an authenticated attacker with Subscriber+ privileges to access sens...

6.5CVSS6AI score0.01194EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/12/21 9:23 a.m.13 views

CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...

6.5CVSS6.1AI score0.01194EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/12/21 9:23 a.m.24 views

CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...

6.5CVSS0.01194EPSS
Exploits1References3
NVD
NVD
added 2024/12/17 10:15 a.m.10 views

CVE-2024-12469

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS0.00432EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/17 9:22 a.m.5 views

CVE-2024-12469 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS6.4AI score0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/17 9:22 a.m.15 views

CVE-2024-12469 WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS0.00432EPSS
Exploits0References3
CVE
CVE
added 2024/12/17 9:22 a.m.45 views

CVE-2024-12469

CVE-2024-12469 affects the WP BASE Booking of Appointments, Services and Events WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability via the status parameter, caused by insufficient input sanitization/output escaping, exploitable by unauthenticated attackers who lure a user into...

6.1CVSS6AI score0.00432EPSS
Exploits0References3
Rows per page
Query Builder