13 matches found
CVE-2026-3576
CVE-2026-3576 affects the Planyo Online Reservation System plugin for WordPress (versions up to 3.0). The flaw is an unauthenticated Server-Side Request Forgery via the ulap_url AJAX proxy (ulap.php). The allowlist checks a host (e.g., localhost) but does not validate the URL scheme, allowing a c...
EUVD-2026-43137
The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...
EUVD-2025-9226
Malicious code in bioql PyPI...
CVE-2025-31811
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This issue affects Planyo online reservation system: from n/a through = 3.1...
WordPress Planyo online reservation system plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Planyo online reservation system versions = 3.0...
CVE-2025-31811
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This issue affects Planyo online reservation system: from n/a through = 3.1...
CVE-2025-31811 WordPress Planyo online reservation system plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system allows Stored XSS. This issue affects Planyo online reservation system: from n/a through 3.0...
CVE-2025-31811 WordPress Planyo online reservation system plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This issue affects Planyo online reservation system: from n/a through = 3.1...
CVE-2025-31811
CVE-2025-31811 describes a Stored Cross-Site Scripting vulnerability in the Planyo online reservation system (Planyo) WordPress plugin up to version 3.0. The issue arises from improper neutralization of input during web page generation, allowing stored XSS. Affected product: Planyo online reserva...
PT-2025-14193 · Xtreme · Planyo
Name of the Vulnerable Software and Affected Versions: xtreeme Planyo online reservation system versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...
WordPress plugin Planyo online reservation system 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
planyo.com Cross Site Scripting vulnerability OBB-3067450
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Booking System for Planyo Multiple VUlnerabilty
Exploit for php platform in category web applications =============================================== Booking System for Planyo Multiple VUlnerabilty =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 ...