Wpdevelop, Oplugins Vulnerabilities and Security Issues — up to date CVE List

vulnrichment

CVE-2023-51520 WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-02-01 11:14 AM

cve

CVE-2023-51520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before...

6.5CVSS

5.5AI Score

0.0004EPSS

2024-02-01 12:15 PM

15

cvelist

CVE-2023-51520 WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-02-01 11:14 AM

nvd

CVE-2023-23991

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through...

7.6CVSS

7.9AI Score

0.0004EPSS

2024-03-26 09:15 AM

2

cve

CVE-2023-23991

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through...

7.6CVSS

7.6AI Score

0.0004EPSS

2024-03-26 09:15 AM

24

cvelist

CVE-2023-23991 WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through...

7.6CVSS

8.1AI Score

0.0004EPSS

2024-03-26 08:56 AM

prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before...

5.4CVSS

7AI Score

0.0004EPSS

2024-02-01 12:15 PM

6

nvd

CVE-2023-51520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-02-01 12:15 PM

1

cve

CVE-2023-50840

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through...

8.8CVSS

9AI Score

0.001EPSS

2023-12-28 07:15 PM

19

prion

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through...

8.8CVSS

7.9AI Score

0.001EPSS

2023-12-28 07:15 PM

5

nvd

CVE-2023-50840

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through...

8.8CVSS

0.001EPSS

2023-12-28 07:15 PM

2

cvelist

CVE-2023-50840 WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through...

8.5CVSS

9.3AI Score

0.001EPSS

2023-12-28 06:54 PM

1

cve

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal...

8.8CVSS

8.6AI Score

0.001EPSS

2023-08-16 12:15 PM

31

cve

CVE-2022-33177

Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations...

5.4CVSS

4.6AI Score

0.001EPSS

2022-09-06 06:15 PM

27

5

nvd

CVE-2022-33177

Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations...

4.3CVSS

0.001EPSS

2022-09-06 06:15 PM

prion

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations...

4.3CVSS

4.7AI Score

0.001EPSS

2022-09-06 06:15 PM

5

cvelist

CVE-2022-33177 WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) vulnerabiulity

Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations...

5.4CVSS

5.8AI Score

0.001EPSS

2022-09-06 12:00 AM

wordfence

PHP Object Injection Vulnerability in Booking Calendar Plugin

On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent over our full disclosure...

8.8CVSS

1.3AI Score

0.001EPSS

2022-04-27 04:45 PM

12