Booking Calendar Security Vulnerabilities and Issues — Booking Calendar CVE List

Lucene search

WpbookingcalendarBooking Calendar

3 matches found

CVE•added 2024/02/08 9:15 a.m.•55 views

CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

9.8CVSS9.5AI score0.75579EPSS

CVE•added 2024/07/24 8:15 a.m.•33 views

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS5.7AI score0.00089EPSS

CVE•added 2024/02/01 12:15 p.m.•26 views

CVE-2023-51520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4.

6.5CVSS5.5AI score0.00077EPSS