PT-2026-7813

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load step function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vi...

PT-2026-2445

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

CVE-2022-0920

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data...

CVE-2024-11134

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventerexportbookingscsv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...

WordPress plugin Eventer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1623 · WordPress · Eventer

Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions prior to 3.9.10 Description: The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with...