Lucene search
Pinpoint Booking System Security Vulnerabilities - 2023
cve
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.
8.8CVSS
8.9AI Score
0.001EPSS
2023-02-13 03:15 PM
30
cve
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.
5.9CVSS
4.8AI Score
0.001EPSS
2023-04-06 02:15 PM
12
cve
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.
8.8CVSS
8.8AI Score
0.001EPSS
2023-10-13 04:15 PM
23