Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.38 views

EUVD-2026-29399

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
CVE
CVE
added 2026/05/12 7:48 a.m.21 views

CVE-2026-5693

CVE-2026-5693: The WordPress plugin Smart Appointment & Booking (versions ≤ 1.0.8) is vulnerable to unauthorized data modification due to a missing capability check and a faulty nonce validation in saab_cancel_booking(). The nonce check uses AND (&&) instead of OR (||), allowing unauthenticated a...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Smart Appointment & Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS6AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25347

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00774EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/08/22 12:22 a.m.18 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

9.8CVSS8.7AI score0.00774EPSS
Exploits2References1
NVD
NVD
added 2025/08/20 5:15 p.m.5 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

9.8CVSS0.00774EPSS
Exploits2References4
OSV
OSV
added 2025/08/20 5:15 p.m.5 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

9.8CVSS6.3AI score0.00774EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/08/20 12:0 a.m.4 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

8.8AI score0.00774EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/08/20 12:0 a.m.9 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

0.00774EPSS
Exploits2References4
CVE
CVE
added 2025/08/20 12:0 a.m.24 views

CVE-2025-55444

The CVE-2025-55444 entry affects Online Artwork and Fine Arts MCA Project 1.0, with a vulnerability in the parameter of cancel_booking.php that allows SQL injection. The root cause is unsanitized user input in the parameter, enabling arbitrary SQL queries, leading to database enumeration and po...

9.8CVSS8.8AI score0.00774EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34122 · Unknown · Online Artwork/Fine Arts Mca Project

Name of the Vulnerable Software and Affected Versions: Online Artwork and Fine Arts MCA Project version 1.0 Description: A SQL injection vulnerability exists in the id2 parameter of the cancel booking.php page. A remote attacker can inject arbitrary SQL queries, leading to database enumeration an...

9.8CVSS7.8AI score0.00774EPSS
Exploits2References8
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.3 views

Online Artwork and Fine Arts 安全漏洞

Online Artwork and Fine Arts is an online artwork display box selling project by the individual developer Vishal Mathur. A security vulnerability exists in Online Artwork and Fine Arts version 1.0, which stems from a SQL injection in the id2 parameter of the cancelbooking.php page, which could le...

9.8CVSS8.4AI score0.00774EPSS
Exploits2References6
GithubExploit
GithubExploit
added 2025/08/19 11:1 a.m.115 views

Exploit for CVE-2025-55444

CVE Reports by Anudeep Kadambala This repository contains det...

9.8CVSS8.9AI score0.00774EPSS
Exploits2
NVD
NVD
added 2023/04/24 7:15 p.m.28 views

CVE-2023-1129

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...

6.5CVSS6.4AI score0.00555EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/10 12:0 a.m.24 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...

4.3CVSS4.9AI score0.00411EPSS
Exploits0References2
OSV
OSV
added 2020/11/12 2:15 p.m.5 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.4AI score0.1064EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/10/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query...

9.8CVSS7.4AI score0.1064EPSS
Exploits2References1
Rows per page
Query Builder