5 matches found
CVE-2019-12239
The CVE-2019-12239 entry concerns the WordPress WP Booking System plugin (version 1.5.1) with a lack of CSRF protection, which allows reaching SQL injection issues that require administrative access. Connected documents confirm this vulnerability and its remediation guidance, e.g., Patchstack and...
CVE-2021-25061
CVE-2021-25061: WordPress WP Booking System plugin before 2.0.15 suffers a reflected XSS on the wpbs-calendars admin page. The vulnerability is authenticated (requires user login) and can execute JavaScript in the context of the affected site. Evidence across multiple sources confirms the flaw an...
CVE-2024-8797
The CVE-2024-8797 entry concerns the WP Booking System – Booking Calendar WordPress plugin. Affected versions up to and including 2.0.19.8 are vulnerable to Reflected Cross-Site Scripting due to improper escaping when using add_query_arg/remove_query_arg in the URL, enabling unauthenticated attac...
CVE-2017-2168
The CVE-2017-2168 entry maps to the WordPress plugin WP Booking System. A stored cross-site scripting (XSS) vulnerability exists in WP Booking System Free versions prior to 1.4 and Premium versions prior to 3.7, allowing remote attackers to inject arbitrary scripts via unspecified vectors. Impact...
CVE-2023-24402
CVE-2023-24402 affects the WordPress WP Booking System – Booking Calendar plugin for Veribo, with versions