Lucene search
K

46 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
CVE
CVE
added 4 days ago13 views

CVE-2026-12433

The CVE describes a vulnerability in the Hydra Booking WordPress plugin (versions up to 1.2.1) where an Insecure Direct Object Reference in the /wp-json/hydra-booking/v1/booking/details/{id} endpoint allows authenticated hosts with the tfhb_manage_options capability to view booking records from o...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:10 p.m.3 views

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

8.7CVSS5.7AI score0.00497EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 2:23 a.m.20 views

CVE-2026-1537

CVE-2026-1537 pertains to the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events. The vulnerability is an missing authorization to booking details exposure in all versions up to and including 5.2.6, enabling unauthenticated attackers to view sensitive booking data (c...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/12 2:23 a.m.5 views

CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/11 11:27 p.m.7 views

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 10:0 p.m.7 views

WordPress Booking Calendar plugin <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure vulnerability

Missing Authorization to Unauthenticated Booking Details Exposure vulnerability discovered by type5afe in WordPress Plugin Booking Calendar versions = 10.14.13...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/06 8:21 a.m.29 views

CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification

The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and registerroutes functions in all versions up to, and including, 1.0.36. This makes it possible...

6.5CVSS0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 8:21 a.m.23 views

CVE-2025-5919

CVE-2025-5919 affects the WordPress plugin “Appointment Booking Calendar – WP Timetics Booking Plugin.” The vulnerability stems from a missing capability check in the update and register_routes functions across versions up to 1.0.36, allowing unauthenticated attackers to view and modify booking d...

6.5CVSS5AI score0.0021EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/06 8:13 a.m.7 views

WordPress Timetics plugin <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability

Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability discovered by greenhats - Student in WordPress Plugin Timetics versions = 1.0.36...

6.5CVSS6.8AI score0.0021EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-51693

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00669EPSS
Exploits2References1
OSV
OSV
added 2025/05/31 12:15 p.m.3 views

CVE-2025-4691

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References5
NVD
NVD
added 2025/05/31 12:15 p.m.12 views

CVE-2025-4691

The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...

5.3CVSS0.00279EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/14 11:12 a.m.21 views

CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'viewbookingsummaryinlightbox' due to missing validation on a user controlled key. This makes it possible...

5.3CVSS0.00286EPSS
Exploits0References3
OSV
OSV
added 2025/05/01 9:15 a.m.4 views

CVE-2025-4157

A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been...

8.8CVSS5.8AI score0.00356EPSS
Exploits1References5
CVE
CVE
added 2025/05/01 8:31 a.m.62 views

CVE-2025-4157

CVE-2025-4157 affects PHPGurukul Boat Booking System 1.0, specifically the "/admin/booking-details.php" endpoint. The vulnerability arises from improper handling of the \

8.8CVSS6.8AI score0.00356EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.4 views

PHPGurukul Boat Booking System 注入漏洞

PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from SQL injection due to incorrect manipulation of the parameter Status in the file /admin/booking-details.php...

8.8CVSS6.9AI score0.00356EPSS
Exploits1References5
Rows per page
Query Builder