Lucene search
K

33 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.8 views

CVE-2026-12113

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

4.3CVSS0.00228EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50840

Name of the Vulnerable Software and Affected Versions Appointment Booking Calendar versions prior to 1.4.5 Description The Appointment Booking Calendar plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping in custom booking...

6.4CVSS6AI score0.00193EPSS
Exploits0References11
NVD
NVD
added 2026/06/15 2:16 p.m.9 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2016-20068

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.36 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 p.m.14 views

CVE-2016-20070

CVE-2016-20070 affects WordPress plug‑in Booking Calendar Contact Form 1.0.23 . The vulnerability comprises a privilege escalation and a stored XSS flaw that allows authenticated, subscriber‑level users to modify plugin options and inject XSS payloads. Payloads can be supplied via parameters such...

6.4CVSS5.3AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.7 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS5.2AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.6 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.38 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49206

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-25435 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

7.1CVSS0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/18 8:58 p.m.8 views

WordPress Booking Calendar plugin <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Settings Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Booking Calendar versions = 10.14.14...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:28 p.m.5 views

CVE-2026-2230

The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handleajaxsave function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/31 4:35 a.m.6 views

EUVD-2026-5082

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Booking Calendar and Notification plugin <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability

Missing Authorization via wpcballbookings, wpcbupdatebookingpost, and wpcbdeleteposts Functions vulnerability discovered by WordFence in WordPress Plugin Booking Calendar and Notification versions = 4.0.3...

6.5CVSS8.4AI score0.00324EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/11/25 12:0 a.m.2 views

WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability

WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...

5.3CVSS6.5AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/13 9:24 a.m.2 views

CVE-2025-64381 WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through = 10.14.7...

6.5CVSS5.3AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24717

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 8:15 a.m.3 views

CVE-2024-13821

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...

5.3CVSS7.2AI score0.00377EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/13 8:8 p.m.4 views

WordPress Booking Calendar plugin <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode vulnerability discovered by Asaf Mozes in WordPress Plugin Booking Calendar versions = 10.9.2...

6.4CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder