EUVD-2025-11999

Malicious code in bioql PyPI...

EUVD-2023-52777

Malicious code in bioql PyPI...

CVE-2023-48744

Cross-Site Request Forgery CSRF vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6...

CVE-2021-24606

The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+...

CVE-2021-24604

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

CVE-2025-46528

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...

CVE-2025-46528

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...

CVE-2025-46528 WordPress Availability Calendar plugin <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...

CVE-2025-46528 WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4...

CVE-2025-46528

CVE-2025-46528 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Availability Calendar plugin, which allows Stored XSS. Affected versions are Availability Calendar up to 0.2.4. The available connected sources confirm the CSRF vector and stored XSS potential but do not p...

WordPress plugin Availability Calendar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2023-48744

Cross-Site Request Forgery CSRF vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6...

CVE-2023-48744

Cross-Site Request Forgery CSRF vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6...

CVE-2023-48744

CVE-2023-48744 is a CSRF vulnerability in the WordPress plugin Availability Calendar (affected:

CVE-2023-48744 WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6...

WordPress Plugin Availability Calendar Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Availability Calendar <= 1.2.6 - Cross-Site Request Forgery via add_availability_calendar_create_admin_page()

Description The Availability Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the addavailabilitycalendarcreateadminpage function. This makes it possible for unauthenticated...

WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Availability Calendar Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48744 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 807dd728d114 Credits Nguyen Xuan Chi...

PT-2023-27785 · Phpjabbers · Phpjabbers Availability Booking Calendar

Name of the Vulnerable Software and Affected Versions: PHP Jabbers Availability Booking Calendar version 5.0 Description: A vulnerability has been found in the software, classified as problematic. It affects an unknown functionality of the file /index.php. The manipulation of the session id...

Availability Booking Calendar PHP 跨站脚本漏洞

Availability Booking Calendar PHP is GZ Scripts open source an availability booking calendar system . Availability Booking Calendar PHP v1.0 version of a cross-site scripting vulnerability , the vulnerability stems from the file index.php parameter promocode on the user-supplied data lack of...