6 matches found
CVE-2025-67581 WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through = 1.1.0...
WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability
WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
WordPress plugin Booking Calendar Contact Form 安全漏洞
WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
CVE-2023-1129
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users...
CVE-2023-4252 EventPrime <= 3.2.9 - Booking Pricing Bypass
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
CVE-2023-4251
The CVE-2023-4251 entry concerns the EventPrime WordPress plugin, specifically versions prior to 3.2.0. The issue is a missing CSRF check when creating bookings, allowing an attacker to induce logged-in users to create bookings via CSRF exploitation. Impact is described as enabling unwanted booki...