Lucene search
K

5 matches found

CNNVD
CNNVD
added 2026/05/02 12:0 a.m.13 views

WordPress plugin Salon Booking System – Free Version 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 9:16 p.m.7 views

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

8.7CVSS0.00497EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34750

Name of the Vulnerable Software and Affected Versions SpiceJet public booking retrieval page affected versions not specified Description Improper access control on a sensitive data retrieval function in the public booking retrieval page allows unauthenticated users to access full passenger bookin...

8.7CVSS5.9AI score0.00497EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14352

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

5.3CVSS6AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 9:20 a.m.23 views

CVE-2025-14352 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

5.3CVSS0.00236EPSS
Exploits0References2
Rows per page
Query Builder