116 matches found
EUVD-2026-36994
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-40791
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
EUVD-2026-36857
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48882
CVE-2026-48882 is a SQL Injection vulnerability in WordPress Plugin WP Time Slots Booking Form (versions
CVE-2026-40791
CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions
CVE-2026-7332
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
PT-2026-42552
Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...
CVE-2026-7332
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-7332
The CVE affects the LatePoint WordPress plugin (Calendar Booking Plugin for Appointments and Events), up to version 5.5.0. The root cause is insufficient input sanitization and output escaping for the booking_form_page_url parameter, enabling unauthenticated stored XSS. Impact stated: arbitrary s...
CVE-2026-7332
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-7332 LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-7332 LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-27540
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress plugin LatePoint 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Daniel Wade in WordPress Plugin WP Time Slots Booking Form versions = 1.2.46...
CVE-2026-32432
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through = 1.2.42...