Lucene search
K

4 matches found

EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41261

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.2 via the 'serviceid' parameter due to missing validation on a user controlled key. This makes it possible for...

5.3CVSS5.8AI score0.00381EPSS
Exploits0References12
CVE
CVE
added 2026/07/02 8:33 a.m.15 views

CVE-2026-12657

The CVE-2026-12657 entry concerns the WordPress LatePoint Calendar Booking Plugin (versions up to and including 5.6.2). The vulnerability is an Insecure Direct Object Reference exposed via user-controlled keys in two publicly accessible parameters: params[booking][service_id] in steps__load_step ...

5.3CVSS5.8AI score0.00381EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39954

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab cancel booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/22 7:29 a.m.4 views

CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

5.3CVSS5.7AI score0.00249EPSS
Exploits0References5
Rows per page
Query Builder