CVE-2025-11496

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2025-47435

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot appt email AJAX action. This makes it possible for unauthenticated attackers to send appointmen...

EUVD-2024-48090

Malicious code in bioql PyPI...

CVE-2024-12032

The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiryid' parameter of the 'tfenquiryreplyemailcallback' function in all versions up to, and including, 2.15.3 due to...

CVE-2024-13235

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2024-13235 Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.2 - Authenticated (Subscriber+) SQL Injection

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2021-24930

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...