Lucene search

Booking Calendar Security Vulnerabilities

cve

CVE-2018-10363

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.

7.5CVSS

7.5AI Score

0.002EPSS

2018-06-13 06:29 PM

cve

CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

9.8CVSS

9.6AI Score

0.222EPSS

2022-12-12 06:15 PM

cve

CVE-2022-47428

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.

9.8CVSS

9.7AI Score

0.001EPSS

2023-11-06 08:15 AM

cve

CVE-2022-47438

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.

5.9CVSS

5.2AI Score

0.001EPSS

2023-03-29 01:15 PM

cve

CVE-2023-24388

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).

5.4CVSS

5.5AI Score

0.001EPSS

2023-02-17 03:15 PM