Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/13 10:53 p.m.6 views

CVE-2025-14146

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS6.2AI score0.00337EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/09 7:22 a.m.3 views

CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS5.8AI score0.00337EPSS
Exploits0References6
cvelist
cvelist
added 2026/01/09 7:22 a.m.31 views

CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS0.00337EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/01/09 12:0 a.m.9 views

PT-2026-1731

Name of the Vulnerable Software and Affected Versions Booking Calendar versions prior to 10.14.11 Description The Booking Calendar plugin for WordPress is susceptible to sensitive information exposure via the WPBC FLEXTIMELINE NAV AJAX action. This occurs because nonce verification is conditional...

5.3CVSS6.2AI score0.00337EPSS
Exploits0References10
Rows per page
Query Builder