31 matches found
Cross site scripting
Auth. admin+ Cross-Site Scripting XSS vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin = 2.0.18 versions...
CVE-2023-24402
CVE-2023-24402 affects the WordPress WP Booking System – Booking Calendar plugin for Veribo, with versions
CVE-2021-25061
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...
CVE-2021-25061 WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...
CVE-2021-25061
CVE-2021-25061: WordPress WP Booking System plugin before 2.0.15 suffers a reflected XSS on the wpbs-calendars admin page. The vulnerability is authenticated (requires user login) and can execute JavaScript in the context of the affected site. Evidence across multiple sources confirms the flaw an...
WP Booking System <= 1.5.1.1 - CSRF to Authenticated SQL Injection
According to the original researcher, no CSRF nonces were present and therefore could be exploited by chaining with the CSRF issue...
CVE-2019-12239
The CVE-2019-12239 entry concerns the WordPress WP Booking System plugin (version 1.5.1) with a lack of CSRF protection, which allows reaching SQL injection issues that require administrative access. Connected documents confirm this vulnerability and its remediation guidance, e.g., Patchstack and...
CVE-2017-2168
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2168
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2168
The CVE-2017-2168 entry maps to the WordPress plugin WP Booking System. A stored cross-site scripting (XSS) vulnerability exists in WP Booking System Free versions prior to 1.4 and Premium versions prior to 3.7, allowing remote attackers to inject arbitrary scripts via unspecified vectors. Impact...
WP Booking System <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Booking System – Booking Calendar WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...