
15 matches found

EUVD
added 2026/04/28 6:45 a.m. | 1 view

EUVD-2026-26006

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06. This is due to the intentForStripe function passing user-controlled $_POST['amount'] directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

CVSS 5.3 | AI score 5.7 | EPSS 0.0008
Exploits: 0 | References: 10

RedhatCVE
added 2026/01/09 10:45 a.m. | 3 views

CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the iCal representation of its booking calendar, but this token is returned in the JSON response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...

CVSS 7.5 | AI score 6.6 | EPSS 0.01029
Exploits: 2 | References: 1

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 2 views

Malicious code in eslint-plugin-ignite-carina-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d58af40063be0cd212eab0096cb411052d426f2505714f8cdd21598a657b746 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-43616

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00104
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:39 a.m. | 6 views

CVE-2023-5664

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/21 12:21 a.m. | 3 views

CVE-2024-13508

The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6.3 | EPSS 0.00636
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/18 11:22 p.m. | 7 views

CVE-2024-13508 Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter

The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6 | EPSS 0.00636
Exploits: 0 | References: 2

CVE
added 2025/02/18 11:22 p.m. | 45 views

CVE-2024-13508

CVE-2024-13508 affects Booking Package for WordPress. It enables a Reflected Cross-Site Scripting (XSS) via the locale parameter in all versions up to and including 1.6.72 due to insufficient input sanitization/output escaping. The vulnerability is unauthenticated and can be triggered when a user...

CVSS 6.1 | AI score 6.4 | EPSS 0.00636
Exploits: 0 | References: 2

CVE
added 2023/09/04 10:5 a.m. | 32 views

CVE-2023-39918

CVE-2023-39918 affects the SAASPROJECT Booking Package WordPress plugin (versions

CVSS 7.1 | AI score 6 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/06/22 12:0 a.m. | 1 view

Jenkins Plugin Package cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application software. A cross-site scripting...

CVSS 5.4 | AI score 5.7 | EPSS 0.17548
Exploits: 0 | References: 4

Patchstack
added 2021/11/10 12:0 a.m. | 13 views

WordPress Booking Package plugin <= 1.5.10 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Gen Sato (Mitsui Bussan Secure Directions, Inc.) in WordPress Booking Package plugin versions <= 1.5.10. Solution: Update the WordPress Booking Package plugin to the latest available version (at least 1.5.11)...

CVSS 6.1 | AI score 1.8 | EPSS 0.00668
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2018/02/01 10:29 p.m. | 15 views

Default configuration

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVSS 5.5 | AI score 5.2 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/02/01 10:29 p.m. | 8 views

CVE-2017-2293

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVSS 5.5 | AI score 5.2 | EPSS 0.00225
Exploits: 0 | References: 1

CVE
added 2018/02/01 10:0 p.m. | 51 views

CVE-2017-2293

CVE-2017-2293 affects Puppet Enterprise prior to 2016.4.5 or 2017.2.1, where MCollective configuration allowed the package plugin to install or remove arbitrary packages on all managed agents. The issue arises from an insecure default configuration that permits package management actions via MCol...

CVSS 5.5 | AI score 6 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2018/02/01 10:0 p.m. | 19 views

CVE-2017-2293

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVSS 5.5 | AI score 5.7 | EPSS 0.00225
Exploits: 0