Show filters
116 Total Results
Displaying 81-90 of 116
Sort by:
Attacker Value
Unknown

CVE-2023-24388

Disclosure Date: February 17, 2023 (last updated November 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
Attacker Value
Unknown

CVE-2022-3982

Disclosure Date: December 12, 2022 (last updated October 08, 2023)
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
Attacker Value
Unknown

CVE-2022-45824

Disclosure Date: December 05, 2022 (last updated November 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
Attacker Value
Unknown

CVE-2022-45822

Disclosure Date: December 05, 2022 (last updated November 08, 2023)
Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
Attacker Value
Unknown

CVE-2022-43482

Disclosure Date: October 30, 2022 (last updated December 22, 2024)
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Attacker Value
Unknown

CVE-2021-36855

Disclosure Date: September 28, 2022 (last updated October 08, 2023)
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Attacker Value
Unknown

CVE-2021-36854

Disclosure Date: September 28, 2022 (last updated October 08, 2023)
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Attacker Value
Unknown

CVE-2022-33177

Disclosure Date: September 06, 2022 (last updated February 24, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update.
Attacker Value
Unknown

CVE-2022-1463

Disclosure Date: May 10, 2022 (last updated February 23, 2025)
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Attacker Value
Unknown

CVE-2022-1007

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue