CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Patchstack•added 2025/12/31 12:0 a.m.•4 views

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin = 1.9.11 - Authenticated Subscriber+ Missing Authorization to Calendar Import and Management vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPre...

4.3CVSS5.5AI score0.00036EPSS

Exploits0References1Affected Software1

NVD•added 2025/12/03 2:15 p.m.•2 views

CVE-2025-13756

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

4.3CVSS0.00036EPSS

Exploits0References2

EUVD•added 2025/12/03 1:52 p.m.•2 views

EUVD-2025-200975

4.3CVSS4.8AI score0.00036EPSS

Exploits0References3

CVE•added 2025/12/03 1:52 p.m.•10 views

CVE-2025-13756

CVE-2025-13756 affects Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution for WordPress up to version 1.9.11. The issue is an unauthorized calendar import/management capability due to a missing capability check in importCalendar, enabling authenticated...

4.3CVSS4.9AI score0.00036EPSS

Exploits0References2

CNNVD•added 2025/12/03 12:0 a.m.•3 views

WordPress plugin Fluent Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.3AI score0.00036EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-23460

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00214EPSS

Exploits0References4

NVD•added 2025/08/03 4:15 a.m.•5 views

CVE-2025-52133

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...

6.4CVSS0.00214EPSS

Exploits0References4

Cvelist•added 2025/08/03 12:0 a.m.•9 views

CVE-2025-52133

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...

6.4CVSS0.00214EPSS

Exploits0References4

Vulnrichment•added 2025/08/03 12:0 a.m.•2 views

CVE-2025-52133

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...

6.4CVSS6AI score0.00214EPSS

Exploits0References4

Veracode•added 2020/12/31 2:16 a.m.•13 views

Server-Side Request Forgery (SSRF)

plone.app.event is vulnerable to server-side request forgery SSRF. An attacker with the Manager access is able to submit requests on behalf of the server via the calendar import settings using file://...

8.8CVSS4AI score0.00484EPSS

Exploits0References5Affected Software1