5 matches found
CVE-2026-4807
CVE-2026-4807 affects the WordPress plugin “Appointment Booking Calendar” (publicly exposed at WordPress.org) up to version 1.6.10.6. The root cause is missing authorization caused by flawed logic in nonce_permissions_check() combined with a site-wide public nonce exposed via /wp-json/ssa/v1/embe...
PT-2025-21146 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events
Name of the Vulnerable Software and Affected Versions: LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress versions up to, and including, 5.1.92 Description: The issue allows unauthenticated attackers to retrieve appointment details, such as customer names and ema...
CVE-2024-51066
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers...
Improper Access Control which allows one provider to view and edit other providers' appointment details
Description: Log in using one provider's credentials. After logging in successfully, notice there is a POST request to /index.php/backendapi/ajaxgetcalendarappointments which allows the provider to view their own appointments information. However, by changing the recordid parameter to any number starting from...
DayByDay CRM Authorization Issue Vulnerability
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. DayByDay CRM has an information disclosure vulnerability that stems from the product's failure to add an effective restriction o...