5 matches found
CVE-2026-1044
CVE-2026-1044 concerns the WordPress plugin Tennis Court Bookings (
CVE-2026-1044 Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters
The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-1044 Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters
The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress Tennis Court Bookings plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability discovered by 0x34rth in WordPress Plugin Tennis Court Bookings versions = 1.2.7...
CVE-2005-3024
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 announcement parameter to announcement.php, the 2 threadforumid or 3 criteria parameters to thread.php, 4 userid parameter to user.php, the 5...