67 matches found
PT-2026-23139
Name of the Vulnerable Software and Affected Versions Roland Murg WP Booking System versions through 2.0.19.12 Description The Roland Murg WP Booking System contains a flaw that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations...
EUVD-2017-11351
Malware in sbrugna...
EUVD-2021-11973
Malware in sbrugna...
EUVD-2024-44855
Malicious code in bioql PyPI...
EUVD-2024-51528
Malicious code in bioql PyPI...
EUVD-2023-53681
Malicious code in bioql PyPI...
EUVD-2023-56232
Malicious code in bioql PyPI...
EUVD-2024-47916
Malicious code in bioql PyPI...
CVE-2024-13323
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8797
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers...
CVE-2024-8274
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timelineobj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-10027
The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
CVE-2024-50425
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Murg WP Booking System wp-booking-system.This issue affects WP Booking System: from n/a through = 2.0.19.10...
CVE-2023-51520
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4...
CVE-2023-49758
Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through = 2.0.19.2...
CVE-2021-25061
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...
CVE-2025-4669
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4669
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-21789 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.11.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpbc shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-13821
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...