5 matches found
WordPress Booking Package plugin <= 1.7.20 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Booking Package versions = 1.7.20...
CVE-2026-4911
The Booking Package WordPress plugin (versions up to and including 1.7.06) is vulnerable to unauthenticated price manipulation via the amount parameter in PaymentIntent creation. The root cause is that user-controlled $_POST['amount'] is sent to Stripe without validation, and the server-calculate...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2024-30516 WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27...
WordPress Booking Package Plugin <= 1.6.27 is vulnerable to Other Vulnerability Type
Software Booking Package Type Plugin Vulnerable versions = 1.6.27 Fixed in 1.6.29 OWASP Top 10 A8: Software and Data Integrity Failures Classification Other Vulnerability Type CVE CVE-2024-30516 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 14a6927c22b5 Credits Abdi...