Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Patchstack
Patchstackadded 2025/12/16 9:20 a.m.3 views

WordPress Booking Calendar plugin <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check vulnerability

Unauthenticated SQL Injection via datestocheck vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Booking Calendar versions = 10.14.8...

7.5CVSS7.8AI score0.00093EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2025/12/15 3:15 p.m.1 views

CVE-2025-14383

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00093EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/15 2:25 p.m.1 views

CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.4AI score0.00093EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/12/15 2:25 p.m.22 views

CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00093EPSS
Exploits0References2
CVE
CVEadded 2025/12/15 2:25 p.m.15 views

CVE-2025-14383

CVE-2025-14383 : Booking Calendar for WordPress is vulnerable to unauthenticated time-based SQL Injection via the dates_to_check parameter in all versions up to 10.14.8 due to insufficient escaping in user input and query construction. This can allow extraction of sensitive data from the database...

7.5CVSS6.4AI score0.00093EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/12/15 12:0 a.m.0 views

WordPress plugin Booking Calendar SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS7.6AI score0.00093EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/15 12:0 a.m.2 views

PT-2025-51230

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates to check' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.8AI score0.00093EPSS
Exploits0References3
Rows per page
Query Builder