8 matches found
CVE-2022-3982
CVE-2022-3982 affects the WordPress plugin “Booking Calendar” prior to version 3.2.2. The vulnerability is an arbitrary file upload flaw due to lack of validation, allowing unauthenticated users to upload files (e.g., PHP) and potentially achieve remote code...
CVE-2023-24407
CVE-2023-24407 affects the WordPress plugin Booking calendar, Appointment Booking System (versions
CVE-2023-24373
The CVE-2023-24373 entry concerns the WordPress Booking calendar, Appointment Booking System plugin. Affected versions are ≤ 3.2.3, and the root cause is an External Control of Assumed-Immutable Web Parameter that allows bypass by manipulating hidden fields. The vulnerability is categorized as a ...
CVE-2024-10856
CVE-2024-10856 affects the Booking Calendar WpDevArt plugin for WordPress, up to version 3.2.19. The flaw is a time-based, blind SQL injection via the id parameter in the shortcode wpdevart_booking_calendar, conditioned on the theme option delete_prev_date being enabled. The issue arises from ins...
CVE-2022-47438
CVE-2022-47438 affects the WordPress plugin Booking calendar / Appointment Booking System (WpDevArt) up to version 3.2.3. The root cause is a stored XSS vulnerability in parameters that are not escaped, exploitable by authenticated users with Editor or higher privileges. Impact is described as a ...
CVE-2023-24388
The CVE-2023-24388 entry affects the WpDevArt Booking calendar, Appointment Booking System plugin for WordPress, specifically versions <= 3.2.3. The root cause is a Cross-Site Request Forgery (CSRF) vulnerability impacting plugin form actions (create, duplicate, edit, delete). Several connecte...
CVE-2022-47428
CVE-2022-47428 affects the WordPress plugin Booking calendar, Appointment Booking System (
CVE-2018-10363
The CVE-2018-10363 entry applies to the WordPress plugin “Booking calendar, Appointment Booking System” by WpDevArt, version 2.2.2. The vulnerability is described as an issue where multiple parameters can be manipulated by a remote attacker to change data such as prices. The connected documents c...