19 matches found
CVE-2026-5693
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...
EUVD-2026-29399
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...
CVE-2026-5693
CVE-2026-5693: The WordPress plugin Smart Appointment & Booking (versions ≤ 1.0.8) is vulnerable to unauthorized data modification due to a missing capability check and a faulty nonce validation in saab_cancel_booking(). The nonce check uses AND (&&) instead of OR (||), allowing unauthenticated a...
CVE-2026-5693
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...
WordPress plugin Smart Appointment & Booking 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
EUVD-2025-25347
Malicious code in bioql PyPI...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
The CVE-2025-55444 entry affects Online Artwork and Fine Arts MCA Project 1.0, with a vulnerability in the parameter of cancel_booking.php that allows SQL injection. The root cause is unsanitized user input in the parameter, enabling arbitrary SQL queries, leading to database enumeration and po...
PT-2025-34122 · Unknown · Online Artwork/Fine Arts Mca Project
Name of the Vulnerable Software and Affected Versions: Online Artwork and Fine Arts MCA Project version 1.0 Description: A SQL injection vulnerability exists in the id2 parameter of the cancel booking.php page. A remote attacker can inject arbitrary SQL queries, leading to database enumeration an...
Online Artwork and Fine Arts 安全漏洞
Online Artwork and Fine Arts is an online artwork display box selling project by the individual developer Vishal Mathur. A security vulnerability exists in Online Artwork and Fine Arts version 1.0, which stems from a SQL injection in the id2 parameter of the cancelbooking.php page, which could le...
Exploit for CVE-2025-55444
CVE Reports by Anudeep Kadambala This repository contains det...
CVE-2023-1129
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...
CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...
VulnCheck KEV: CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query...