134 matches found
CVE-2025-12685
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
CVE-2025-12685
CVE-2025-12685 affects the WPBookit WordPress plugin up to version 1.0.7 and arises from a missing CSRF check when deleting customers, potentially enabling an unauthenticated attacker to delete any customer via CSRF. Public sources consistently describe WPBookit
CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
WordPress plugin WPBookit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2026-1050
Name of the Vulnerable Software and Affected Versions WPBookit versions through 1.0.7 Description The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery CSRF tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any...
WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability
Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...
WordPress WPBookit plugin <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Ryan Kozak in WordPress Plugin WPBookit versions = 1.0.6...
CVE-2025-12135
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-198406
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12135
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12135 WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WPBookit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-47691
Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.6 Description The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code function, allowing unauthenticated...
EUVD-2025-21200
Malicious code in bioql PyPI...
EUVD-2025-1626
Malicious code in bioql PyPI...
EUVD-2025-7716
Malicious code in bioql PyPI...
EUVD-2024-52405
Malicious code in bioql PyPI...
EUVD-2025-9797
Malicious code in bioql PyPI...
CVE-2025-7852
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls moveuploadedfile on...