4 matches found
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package WordPress plugin (versions up to and including 1.7.06) is vulnerable to unauthenticated price manipulation via the amount parameter in PaymentIntent creation. The root cause is that user-controlled $_POST['amount'] is sent to Stripe without validation, and the server-calculate...
CVE-2024-30516 WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27...
WordPress Booking Package Plugin <= 1.6.27 is vulnerable to Other Vulnerability Type
Software Booking Package Type Plugin Vulnerable versions = 1.6.27 Fixed in 1.6.29 OWASP Top 10 A8: Software and Data Integrity Failures Classification Other Vulnerability Type CVE CVE-2024-30516 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 14a6927c22b5 Credits Abdi...