Lucene search
K

7342 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57778

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57404

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...

6.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57388

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57778

CVE-2026-57778 affects the WordPress plugin Booking calendar, Appointment Booking System, specifically versions up to and including 3.2.36. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels in the booking-ca...

5.3CVSS6.1AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57778 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57404

CVE-2026-57404 is a Missing Authorization / Broken Access Control vulnerability affecting the WordPress plugin Booking and Rental Manager for WooCommerce (versions up to 2.6.9). The issue arises from incorrectly configured access control security levels in Booking and Rental Manager, allowing una...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-57404 WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57388

CVE-2026-57388 describes a Stored XSS vulnerability in Themefic Hydra Booking (WordPress Hydra Booking plugin, hydra-booking) affecting versions up to and including 1.1.44. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting with low to mo...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-57388 WordPress Hydra Booking plugin <= 1.1.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday11 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7AI score0.00578EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday86 views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...

9.8CVSS7.1AI score0.03313EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday13 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8CVSS7AI score0.63711EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday88 views

PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting

A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier...

6.1CVSS4.3AI score0.05109EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday48 views

TrueBooker <= 1.0.2 - SQL Injection

The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS6.1AI score0.03292EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday28 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS7.3AI score0.16017EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday107 views

PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting

The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4112 info: name: PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting...

6.1CVSS6.1AI score0.05177EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday149 views

WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

9.8CVSS7.2AI score0.23487EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday35 views

WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting

WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of th...

6.1CVSS6.5AI score0.01618EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday29 views

ND Booking < 2.5 - Unauthenticated Options Change

The Hotel Booking WordPress plugin ND Booking 2.5 was affected by an Unauthenticated Options Change security vulnerability. id: CVE-2019-15774 info: name: ND Booking 2.5 - Unauthenticated Options Change author: popcorn94 severity: medium description: | The Hotel Booking WordPress plugin ND Bookin...

6.1CVSS6.4AI score0.01731EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday117 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS7.3AI score0.04493EPSS
Exploits2References4
Rows per page
Query Builder