Lucene search

Booking Calendar Security Vulnerabilities - May

cve

CVE-2022-33177

Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update.

5.4CVSS

4.6AI Score

0.001EPSS

2022-09-06 06:15 PM

cve

CVE-2023-4620

The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators

6.1CVSS

6AI Score

0.001EPSS

2023-10-16 09:15 AM

cve

CVE-2023-51520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4.

6.5CVSS

5.5AI Score

0.0004EPSS

2024-02-01 12:15 PM

cve

CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

9.8CVSS

9.5AI Score

0.001EPSS

2024-02-08 09:15 AM

cve

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS

5.7AI Score

0.001EPSS

2024-07-24 08:15 AM