152 matches found
CVE-2026-13454
The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-13454 MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter
The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-13454
CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...
WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability
Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...
EUVD-2025-210352
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
CVE-2026-57644
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
CVE-2025-63078
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
CVE-2026-57644
CVE-2026-57644 describes a SQL Injection in the WordPress plugin “Restaurant Menu by MotoPress” for versions
CVE-2025-63078
The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) <= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...
CVE-2025-63078 WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.11...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.10...
CVE-2026-9228
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-9228
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-9228
The Timetable and Event Schedule by MotoPress plugin for WordPress (MP Timetable) is affected by an Insecure Direct Object Reference vulnerability (CVE-2026-9228) in all versions up to 2.4.16. The root cause is missing validation on a user-controlled key in the action_get_event_data endpoint, ena...
EUVD-2026-32705
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2026-44180
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action get event data due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...