28 matches found
EUVD-2026-37656
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2025-12788
CVE-2025-12788 concerns the Hydra Booking — Appointment Scheduling & Booking Calendar WordPress plugin. The vulnerability affects all versions up to 1.1.27 and stems from missing server-side verification of payment status inside the tfhb_meeting_paypal_payment_confirmation_callback function; the ...
EUVD-2023-51885
Malicious code in bioql PyPI...
CVE-2024-31117
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36...
CVE-2023-47787
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3...
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WooCommerce Bookings Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...
CVE-2024-31117
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36...
CVE-2024-31117 WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36...
CVE-2024-31117
CVE-2024-31117 is an HTML/JavaScript input handling vulnerability (Cross-site Scripting) in the WordPress plugin WooCommerce Bookings Calendar by Moises Heberle. The description (from Red Hat and the CVE entry) states this is an improper neutralization of input during web page generation, enablin...
WordPress Plugin WooCommerce Bookings Calendar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WooCommerce Bookings Calendar versions = 1.0.36...
WordPress WooCommerce Bookings Calendar Plugin <= 1.0.36 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Bookings Calendar Type Plugin Vulnerable versions = 1.0.36 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31117 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3cfa3dbb3e01 Credits LVT-tholv2k Required...
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
Authorization
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
CVE-2023-32747 WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
CVE-2023-32747 WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78...
WordPress plugin WooCommerce Bookings security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-23995 · Unknown · Woocommerce Bookings
Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings versions 1.15.78 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 1.15.78 and...