CVE-2025-13317

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

CVE-2025-13317

The WordPress plugin “Appointment Booking Calendar” is affected up to version 1.3.96 by a Missing Authorization vulnerability. An unauthenticated endpoint (cpabc_appointments_check_IPN_verification) trusts attacker-supplied payment notifications and, via the cpabc_ipncheck parameter, allows unaut...

CVE-2025-12787 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

PT-2022-13170 · WordPress · Five Star Restaurant Reservations

Name of the Vulnerable Software and Affected Versions: Five Star Restaurant Reservations WordPress plugin versions prior to 2.4.12 Description: The issue allows unauthenticated users to change the payment status of arbitrary bookings due to a lack of authorization. Additionally, it enables...