CVE-2023-24407

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.

CVE-2024-10856

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the id parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the exis...